GPG Private Key Export Question

Paul Taukatch ptaukat at gmail.com
Fri Sep 27 15:58:35 CEST 2013


Really appreciate the help and the quick response!

I just wanted to clarify, where exactly is the public key information
stored within the exported secret key data? Is it part of the Secret key
packet as part of the "Encrypted stuff follows section" or is following
that? I'm currently trying to develop some software and would like to
extract the public key value along with the fingerprint/ID information from
the exported secret key packet. I'm assuming that when GPG imports such a
secret key packet it is able to extract the public key info and able to
link it to the corresponding public key (if one exists within the keyring
already) or is able to reconstruct and place the public key if it does not
already exist.

Thanks again,
-Paul


On Thu, Sep 26, 2013 at 4:53 PM, David Shaw <dshaw at jabberwocky.com> wrote:

> On Sep 26, 2013, at 12:54 PM, Paul Taukatch <ptaukat at gmail.com> wrote:
>
> > I had a question regarding exporting a private key using GPG.
> >
> > I generated a Key pair using GPG 1.4.13 and then used the export command
> > to export the private key into another file.
> >
> > Based on the RFC 4880 documentation:
> >    A Secret-Key packet contains all the information that is found in a
> >    Public-Key packet, including the public-key material, but also
> >    includes the secret-key material after all the public-key fields.
> >
> > But when I --list-packets on the file it does not seem to contain any
> > information about the public key. So my question is, do GPG private key
> > packets contain the public key information as specified by the RFC 4880
> > documentation?
>
> Yes.  This isn't an actual public key packet - just the contents of the
> public key packet at the end of the secret data, so it doesn't show up as a
> ":public key packet:" in --list-packets.
>
> > Also, is there any way to export a key pair using a single GPG command
> > into a single file?
>
> Not exactly, but (at least using GPG) you get the same effect.  If you
> import a secret key and you don't have the public key, GPG will use the
> embedded public key data to recreate the public key, so effectively an
> exported secret key is like exporting a key pair.
>
> > Also, I had a question regarding the Key Fingerprint/Key ID and its
> > relation to the public/private key pair. While viewing my keys using GPG it
> > seems that the private key has the same Key ID as the public key.
>
> Correct.
>
> > Based on the RFC4880 specifications I know that a fingerprint is
> > generated by:
> >
> > A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99,
> >    followed by the two-octet packet length, followed by the entire
> >    Public-Key packet starting with the version field. for the secre
> >
> > My question then is, when I attempt to import my exported secret key,
> > how is the key fingerprint calculated for the secret key, is it based only
> > on the "public key packet" portion or is it also based on the secret key
> > information?
>
> It's based only on the public key information.
>
> David
>
>
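
The layout discussed in this thread, as an added example that is not part of the original messages and is not GnuPG's code: the public-key fields at the start of a V4 Secret-Key packet body are split off and the fingerprint and key ID are computed from them alone. It assumes the input is the packet body (packet header already removed) and handles only the RSA, Elgamal and DSA algorithm IDs from RFC 4880; the function names and the toy key values are constructed for illustration.

```python
import hashlib
import struct

# Public-key MPI counts per RFC 4880 algorithm ID: RSA (1-3), Elgamal (16), DSA (17).
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}


def public_part(secret_body: bytes) -> bytes:
    """Return the leading Public-Key fields of a V4 Secret-Key packet body."""
    if len(secret_body) < 6:
        raise ValueError("truncated packet body")
    version, _created, algo = struct.unpack(">BIB", secret_body[:6])
    if version != 4:
        raise ValueError("only V4 keys are handled")
    if algo not in PUBLIC_MPI_COUNT:
        raise ValueError(f"unsupported public-key algorithm {algo}")
    pos = 6
    for _ in range(PUBLIC_MPI_COUNT[algo]):
        if pos + 2 > len(secret_body):
            raise ValueError("truncated MPI length")
        (bits,) = struct.unpack(">H", secret_body[pos:pos + 2])
        pos += 2 + (bits + 7) // 8  # two-octet bit count, then the value octets
        if pos > len(secret_body):
            raise ValueError("truncated MPI")
    return secret_body[:pos]


def v4_fingerprint(public_body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet length, then the public-key fields."""
    prefix = b"\x99" + struct.pack(">H", len(public_body))
    return hashlib.sha1(prefix + public_body).hexdigest().upper()


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI (helper for the constructed sample)."""
    size = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(size, "big")


# Constructed toy RSA values (n=3233, e=17), unprotected secret part (S2K usage 0).
PUBLIC = bytes([4]) + struct.pack(">I", 1380290315) + bytes([1]) + mpi(3233) + mpi(17)
SECRET_MPIS = mpi(2753) + mpi(53) + mpi(61) + mpi(38)  # d, p, q, u
SECRET = PUBLIC + b"\x00" + SECRET_MPIS + struct.pack(">H", sum(SECRET_MPIS) & 0xFFFF)

if __name__ == "__main__":
    fpr = v4_fingerprint(public_part(SECRET))
    print("fingerprint:", fpr)
    print("key ID     :", fpr[-16:])  # low-order 64 bits of the fingerprint
```
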


More information about the Gnupg-users mailing list