Import "Raw" RSA Secret Key?

David Shaw dshaw at
Fri Dec 20 03:28:17 CET 2013

On Dec 19, 2013, at 7:10 PM, Eric Swanson <eswanson at> wrote:

> I'm trying to import a "raw" RSA secret key into GnuPG.
> I have p, q, d and the creation timestamp, as well as anything else
> that can be computed from them (n, u, e, etc etc).
> I've been implementing bits of RFC 4880 in an attempt to generate
> valid secret key files, but it looks like GnuPG won't import a key
> unless it has a valid self-signature, and that chunk of the
> specification is large and looks painful to implement.
> So how can I best get my (p,q,d,timestamp,n,u,e) structure into a
> valid GPG key which can be used to sign, encrypt, etc messages?

If you can manage to make a RFC 4880 secret key packet, you should be able to combine it with a user ID packet (either generate one yourself - no crypto needed - or just copy one from another key), and then import the result with --allow-non-selfsigned-uid.  That should skip the need for a self-signature.  Once you have it imported, you can self-sign it via GPG, using "--edit-key xxxxxx sign".


More information about the Gnupg-users mailing list