GPG Private Key Export Question

David Shaw dshaw at jabberwocky.com
Thu Sep 26 22:53:27 CEST 2013


On Sep 26, 2013, at 12:54 PM, Paul Taukatch <ptaukat at gmail.com> wrote:

> I had a question regarding exporting a private key using GPG.
> 
> I generated a Key pair using GPG 1.4.13 and then used the export command to export the private key into another file.
> 
> Based on the RFC 4880 documentation: 
>    A Secret-Key packet contains all the information that is found in a 
>    Public-Key packet, including the public-key material, but also 
>    includes the secret-key material after all the public-key fields.
> 
> But when I --list-packets on the file it does not seem to contain any information about the public key. So my question is, do GPG private key packets contain the public key information as specified by the RFC 4880 documentation?

Yes.  This isn't an actual public key packet - just the contents of the public key packet at the end of the secret data, so it doesn't show up as a ":public key packet:" in --list-packets.

> Also, is there anyway to export a key pair using a single GPG command into a single file?

Not exactly, but (at least using GPG) you get the same effect.  If you import a secret key and you don't have the public key, GPG will use the embedded public key data to recreate the public key, so effectively an exported secret key is like exporting a key pair.

> Also, I had a question regarding the Key Fingerprint/Key ID and its relation to the public/private key pair. While viewing my keys using GPG it seems that the private key has the same Key ID as the public key. 

Correct.

> Based on the RFC4880 specifications I know that a fingerprint is generated by :
> 
> A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99,
>    followed by the two-octet packet length, followed by the entire
>    Public-Key packet starting with the version field. for the secre
> 
> My question then is, when I attempt to import my exported secret key, how is the key fingerprint calculated for the secret key, is it based only on the "public key packet" portion or is it also based on the secret key information?

It's based only on the public key information.

David
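The two points David makes (the secret key packet carries the public key fields at its front, and the V4 fingerprint is SHA-1 over 0x99, the two-octet length and only those public fields) can be checked directly on packet bytes. The following is an added example, not code from this thread or from GnuPG; it builds a V4 RSA (algorithm 1) public key body and an unprotected (S2K usage 0) secret key body from constructed toy RSA numbers, then shows that the fingerprint and key ID recovered from the secret key packet are the same as those of the public key packet. The packet layouts follow RFC 4880 sections 5.5.2, 5.5.3 and 12.2; the toy modulus is far too small for real use and exists only to make the structure visible.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: two-octet bit length, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def mpi_len(buf: bytes, off: int) -> int:
    """Length in octets of the MPI starting at buf[off] (header plus magnitude)."""
    bits = struct.unpack(">H", buf[off:off + 2])[0]
    return 2 + (bits + 7) // 8


def public_key_body(created: int, n: int, e: int) -> bytes:
    """V4 RSA public key packet body: version 4, creation time, algorithm 1, MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def secret_key_body(pub_body: bytes, d: int, p: int, q: int, u: int) -> bytes:
    """Unprotected V4 secret key packet body (RFC 4880 5.5.3): the full public key
    fields, then S2K usage octet 0, the secret MPIs d, p, q, u, and a two-octet
    checksum that is the sum of the secret octets modulo 65536."""
    secret = mpi(d) + mpi(p) + mpi(q) + mpi(u)
    checksum = sum(secret) % 65536
    return pub_body + b"\x00" + secret + struct.pack(">H", checksum)


def public_part_of_secret(sec_body: bytes) -> bytes:
    """Walk the public fields at the front of a V4 RSA secret key body and return them.
    Everything after the two public MPIs (S2K usage, secret MPIs, checksum) is ignored."""
    if sec_body[0] != 4 or sec_body[5] != 1:
        raise ValueError("only V4 RSA bodies are handled in this example")
    off = 6  # version(1) + created(4) + algorithm(1)
    for _ in range(2):  # n and e
        off += mpi_len(sec_body, off)
    return sec_body[:off]


def v4_fingerprint(pub_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 of 0x99, two-octet body length, then the public key body."""
    h = hashlib.sha1()
    h.update(b"\x99" + struct.pack(">H", len(pub_body)) + pub_body)
    return h.hexdigest().upper()


def key_id(fingerprint_hex: str) -> str:
    """The long key ID is the low-order 64 bits (last 16 hex digits) of a V4 fingerprint."""
    return fingerprint_hex[-16:]


# Constructed toy RSA parameters (p=61, q=53); not a real key.
TOY_P, TOY_Q, TOY_E, TOY_D = 61, 53, 17, 2753
TOY_N = TOY_P * TOY_Q
TOY_U = pow(TOY_P, -1, TOY_Q)  # u = p^-1 mod q, as RFC 4880 requires
TOY_CREATED = 1380200000      # constructed creation timestamp

PUB_BODY = public_key_body(TOY_CREATED, TOY_N, TOY_E)
SEC_BODY = secret_key_body(PUB_BODY, TOY_D, TOY_P, TOY_Q, TOY_U)


def fingerprints_match() -> bool:
    """True when the fingerprint derived from the secret key packet's embedded public
    fields equals the fingerprint of the stand-alone public key packet."""
    return v4_fingerprint(public_part_of_secret(SEC_BODY)) == v4_fingerprint(PUB_BODY)


if __name__ == "__main__":
    fp_pub = v4_fingerprint(PUB_BODY)
    fp_sec = v4_fingerprint(public_part_of_secret(SEC_BODY))
    print("public key body bytes :", len(PUB_BODY))
    print("secret key body bytes :", len(SEC_BODY), "(public fields + secret material)")
    print("fingerprint from public packet:", fp_pub)
    print("fingerprint from secret packet:", fp_sec)
    print("key ID:", key_id(fp_pub), "match:", fingerprints_match())
```

Changing any secret MPI (for example TOY_D) leaves the fingerprint untouched, while changing TOY_N, TOY_E or TOY_CREATED changes it, which is the behaviour David describes: the secret material never enters the hash.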
