How to get my GNUPG Elgamal private key exponent?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 1 15:57:27 CEST 2015


On Fri 2015-05-01 02:37:03 -0400, Danny Crane wrote:

> I have tried googling around. The closest solution I get is:
>
> private.key contains the private key file.
>
> $pgpdump -i private.key
>
> But this only gives me the following:
>
> ElGamal p
> ElGamal g
> ElGamal y
> Encrypted Elgamal x
> some other information of crypto
>
> It shows the value for p,g,y, but not x. How can I find out the value of x?


pgpdump shows that x is encrypted.  pgpdump isn't capable of decrypting
it.

If you remove the passphrase from your secret key, you should be able to
produce a file that pgpdump can parse for you.

however, note that this places your secret key material is a very
exposed place -- anyone who gets that file can trivially compromise your
key.

Since el gamal keys are usually subkeys, you might try *only* exporting
the subkey without a passphrase, so that at least you do not expose the
secret key material for your primary key.

Using gpg 1.4.x or 2.0.x, that should be possible with:


gpg --export-options export-reset-subkey-passwd --export-secret-subkeys ${SUBKEYID}\! | pgpdump

yes, that is a literal ! at the end.  so if your subkey ID is
0x1234567890abcdef, then you would run:

gpg --export-options export-reset-subkey-passwd --export-secret-subkeys 0x1234567890abcdef\! | pgpdump

hth,

        --dkg



More information about the Gnupg-users mailing list