Using Smartcards without its public key
Werner Koch
wk at gnupg.org
Sun Mar 4 11:31:24 CET 2012
On Sun, 4 Mar 2012 00:54, mustrum at mustrum.net said:
> Can't we recreate/guess the public part from the private part, at least
> from off-card keys ?

There are three different things:

1. The RSA parameters (basically the secret primes P and Q). This is
   the only information stored on a card. Mathematically this is
   sufficient to decrypt something.

2. The OpenPGP secret key. This is the collection of one or more of
   the above RSA parameters, the user ids, self-signature, and key
   binding signatures. GPG makes this OpenPGP secret key available with
   --export-secret-key and --import allows importing it. For technical
   reasons GnuPG versions < 2.1 store the OpenPGP secret key in the
   secring.gpg file.

   A variant of this secret key does not have the actual RSA parameters
   but a stub indicating that the actual parameters are offline (this is
   a GnuPG extension of the OpenPGP standard). This stub can be created
   on the fly from a public key (see below). "gpg --card-status" does
   this if the public key is available.

3. The OpenPGP public key. This is what you find on the key servers.
   GPG can create it from an OpenPGP secret key.

> I noticed that importing a private key from an export also creates the
> public one.

Right, see point 3 above. It usually does not include any third
party key signatures,
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
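
Added example, not part of the original message or of GnuPG: a Python sketch of the gap between item 1 and item 3 above. The primes P and Q alone give back the modulus and a working decryption key, but an OpenPGP public key packet also carries metadata such as the creation time, which enters the RFC 4880 v4 fingerprint. The toy primes, the exponent 65537 and both timestamps are constructed assumptions.

```python
import hashlib

def rsa_from_primes(p, q, e=65537):
    """Rebuild the public modulus n and the private exponent d from P and Q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return n, d

def mpi(x):
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = x.bit_length()
    return bits.to_bytes(2, "big") + x.to_bytes((bits + 7) // 8, "big")

def v4_fingerprint(n, e, created):
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, length, public key packet body."""
    body = (bytes([4])                    # packet version 4
            + created.to_bytes(4, "big")  # creation time, NOT derivable from P, Q
            + bytes([1])                  # public key algorithm 1 = RSA
            + mpi(n) + mpi(e))
    data = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(data).hexdigest().upper()

# Constructed toy values: two Mersenne primes, far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537  # assumed public exponent

def roundtrip(message):
    """Encrypt with (n, e), decrypt with the d rebuilt from the primes only."""
    n, d = rsa_from_primes(P, Q, E)
    return pow(pow(message, E, n), d, n)

if __name__ == "__main__":
    n, _ = rsa_from_primes(P, Q, E)
    print("decrypts correctly:", roundtrip(0xC0FFEE) == 0xC0FFEE)
    # Same RSA material, two assumed creation times: two different OpenPGP keys.
    for created in (1330857084, 1330857085):
        print(created, v4_fingerprint(n, E, created))
```

Because the fingerprint changes with the creation time, the same RSA material maps to different OpenPGP key identities; the user ids and self-signatures of item 2 are likewise not part of the RSA parameters.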