GPG Private Key Export Question

Paul Taukatch ptaukat at gmail.com
Thu Sep 26 18:54:29 CEST 2013


I had a question regarding exporting a private key using GPG.

I generated a Key pair using GPG 1.4.13 and then used the export command to
export the private key into another file.

Based on the RFC 4880 documentation:
   A Secret-Key packet contains all the information that is found in a
   Public-Key packet, including the public-key material, but also
   includes the secret-key material after all the public-key fields.

But when I --list-packets on the file it does not seem to contain any
information about the public key. So my question is, do GPG private key
packets contain the public key information as specified by the RFC 4880
documentation?

Also, is there any way to export a key pair using a single GPG command into
a single file?

The following is the output of my private key export using --list-packets:
:secret key packet:
        version 4, algo 1, created 1376423121, expires 0
        skey[0]: [2048 bits]
        skey[1]: [17 bits]
        iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 5e4fccb70f72afef
        protect count: 65536 (96)
        protect IV: d1 7c 18 34 ab c7 be 14 f6 3d ec 49 86 1e ae 62
        encrypted stuff follows
:user ID packet: "Testee McTestin (Test All Day) <someEmail.com>"
:signature packet: algo 1, keyid 611F977E042D92BD
        version 4, created 1376423121, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 48 b8
        hashed subpkt 2 len 4 (sig created 2013-08-13)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        subpkt 16 len 8 (issuer key ID 611F977E042D92BD)
        data: [2048 bits]
:secret sub key packet:
        version 4, algo 1, created 1376423121, expires 0
        skey[0]: [2048 bits]
        skey[1]: [17 bits]
        iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 5e4fccb70f72afef
        protect count: 65536 (96)
        protect IV: 0a 16 bb e5 4a 91 84 0c 34 da 62 c4 2f 66 03 ef
        encrypted stuff follows
:signature packet: algo 1, keyid 611F977E042D92BD
        version 4, created 1376423121, md5len 0, sigclass 0x18
        digest algo 2, begin of digest 79 b1
        hashed subpkt 2 len 4 (sig created 2013-08-13)
        hashed subpkt 27 len 1 (key flags: 0C)
        subpkt 16 len 8 (issuer key ID 611F977E042D92BD)
        data: [2048 bits]


Also, I had a question regarding the Key Fingerprint/Key ID and its
relation to the public/private key pair. While viewing my keys using GPG it
seems that the private key has the same Key ID as the public key.

Output of editing my key pair using GPG:

pub  2048R/042D92BD  created: 2013-08-13  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
sub  2048R/87E42A5D  created: 2013-08-13  expires: never       usage: E
[ultimate] (1). Testee McTestin (Test All Day) <someEmail.com>

gpg> toggle

sec  2048R/042D92BD  created: 2013-08-13  expires: never
ssb  2048R/87E42A5D  created: 2013-08-13  expires: never
(1)  Testee McTestin (Test All Day) <someEmail.com>


Based on the RFC4880 specifications I know that a fingerprint is generated
by:

A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99,
   followed by the two-octet packet length, followed by the entire
   Public-Key packet starting with the version field. for the secre

My question then is, when I attempt to import my exported secret key, how
is the key fingerprint calculated for the secret key, is it based only on
the "public key packet" portion or is it also based on the secret key
information?

Sorry for the very long question and I really appreciate any help on the
matter!
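
Added example, not part of the original post and not GnuPG's own code: the two RFC 4880 passages quoted above, applied to a v4 RSA key packet body, showing that the fingerprint and Key ID come out the same whether the body is a Public-Key or a Secret-Key packet. The function names and the sample key are assumptions made for illustration; the modulus and the "encrypted" octets are constructed.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def skip_mpi(buf: bytes, off: int) -> int:
    """Return the offset just past the MPI that starts at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    end = off + 2 + (struct.unpack_from(">H", buf, off)[0] + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body")
    return end

def public_part(body: bytes) -> bytes:
    """Public-key fields at the front of a v4 RSA public- or secret-key packet body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    if body[5] not in (1, 2, 3):  # RSA algorithm IDs; other algorithms have other MPI counts
        raise ValueError("only RSA keys are handled")
    off = 6                       # version(1) + creation time(4) + algorithm(1)
    for _ in range(2):            # RSA public fields: modulus n, exponent e
        off = skip_mpi(body, off)
    return body[:off]

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, two-octet length, and the public-key fields only."""
    pub = public_part(body)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pub)) + pub).hexdigest().upper()

def key_id(body: bytes) -> str:
    """Key ID: the low-order 64 bits of the fingerprint."""
    return v4_fingerprint(body)[-16:]

# Constructed sample: not a real key. Creation time, S2K parameters and IV mirror the
# --list-packets output above; the modulus and the "encrypted" octets are made up.
N = (1 << 2047) | 0xC0FFEE01
PUB_BODY = bytes([4]) + struct.pack(">I", 1376423121) + bytes([1]) + mpi(N) + mpi(65537)
SECRET_TAIL = (bytes([254, 7, 3, 2]) + bytes.fromhex("5e4fccb70f72afef") + bytes([96])
               + bytes.fromhex("d17c1834abc7be14f63dec49861eae62") + b"\xAA" * 64)
SEC_BODY = PUB_BODY + SECRET_TAIL

if __name__ == "__main__":
    print("pub", v4_fingerprint(PUB_BODY), key_id(PUB_BODY))
    print("sec", v4_fingerprint(SEC_BODY), key_id(SEC_BODY))
```

The hash input stops at the end of the public exponent, so the S2K parameters, IV and encrypted secret material that follow in a Secret-Key packet never enter the fingerprint.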