Using Smartcards without it's public key

Werner Koch wk at
Sun Mar 4 11:31:24 CET 2012

On Sun,  4 Mar 2012 00:54, mustrum at said:

> Can't we  recreate/guess the public part from the private part, at least
> from off-card keys ?

There are three different things:

1. The RSA parameters (basically the secret primes P and Q).  This is
   the only informaton stored on a card.  Mathematically this is
   sufficient to decrypt something.

2. The OpenPGP secret key.  This is the collection of the one or more of
   the above RSA parameters, the user ids, self-signature, and key
   binding signatures.  GPG makes this OpenPGP secret key available with
   --export-secret-key and --import allows to import it.  For technical
   reasons GnuPG versions < 2.1 store the OpenPGP secret key in the
   secring.gpg file.

   A variant of this secret key does not have the actual RSA parameters
   but a stub indicating that the actual parameters are offline (his is
   a GnuPG extension of the OpenPGP standard).  This stub can be created
   on the fly from a public key ( see below).  "gpg --card-status" does
   this if the public key is available.

3. The OpenPGP public key.  This is what you find on the key servers.
   GPG can create it fromfrom an OpenPGP secret key.

> I noticed that importing a private key from en export also create the
> public one.

Right, see point 3 above.  It usually does not include any third
party key signatures,



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list