Procedure of deriving a private key from the password

Christine Kremsmayr c.kremsmayr at
Mon Apr 4 13:07:26 CEST 2016

I only have a vague and incomplete understanding of the procedure in 
which GnuPG derives a private key from a password.
As far as I know each private key is stored in the private keyring by a 

The generation of the private key is as following:

1. The user creates a password.
2. GnuPG adds an accidental bit sequence (= salt) to the password. The 
bit sequence is stored separately from the password.
3. Password and Salt (bit sequence) are concatenated.
4. This concatenation is hashed by the hash function in use.

Steps 2 to 4 build up one iteration.  I can control the number of 
iterations by the option --s2k-count.

After the last iteration the resulting hash value is mangled. The result 
of this mangling process is the private key.

Question 1: What exactly is "mangling"?
Question 2: Did I get a correct understanding of the key derivation 
process or am I wrong?

(Sorry for my weird English.)

Best regards Christine
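The iterated and salted S2K that GnuPG's --s2k-count option parameterizes, as an added example that is not part of this message and not GnuPG's code: a Python implementation written from RFC 4880 section 3.7.1.3, where the count is the total number of octets hashed and the key it yields is the symmetric key that encrypts the stored secret-key packet. The passphrase, salt and count below are constructed sample values.

```python
import hashlib

SALT_LEN = 8  # an OpenPGP S2K salt is always eight octets (RFC 4880 3.7.1.3)


def decode_s2k_count(coded: int) -> int:
    """Expand the one-octet coded count stored in the S2K specifier into the
    total number of octets fed through the hash (RFC 4880 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def encode_s2k_count(count: int) -> int:
    """Inverse of decode_s2k_count: the smallest coded octet whose expansion
    is at least `count`, so a requested count is rounded up to a representable
    one. Coded values expand monotonically, so a linear scan is exact."""
    for coded in range(256):
        if decode_s2k_count(coded) >= count:
            return coded
    return 255  # above the largest representable count (65011712 octets)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Iterated and Salted S2K: hash the repeating stream salt||passphrase||
    salt||passphrase||... until `count` octets have been consumed (never less
    than one full salt||passphrase) and return the first key_len digest octets.
    When one digest is too short, further contexts run over the same stream,
    each preloaded with one more 0x00 octet than the last (RFC 4880 3.7.1.1)."""
    if len(salt) != SALT_LEN:
        raise ValueError("S2K salt must be exactly 8 octets")
    block = salt + passphrase
    count = max(decode_s2k_count(coded_count), len(block))
    # Feed the stream in pieces that are whole multiples of `block`, so the
    # repetition stays aligned without materialising all `count` octets.
    chunk = block * max(1, 65536 // len(block))
    key, preload = b"", 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        remaining = count
        while remaining > 0:
            piece = chunk[:remaining]
            h.update(piece)
            remaining -= len(piece)
        key += h.digest()
        preload += 1
    return key[:key_len]


# Constructed sample values, not taken from any real key.
SAMPLE_PASSPHRASE = b"correct horse"
SAMPLE_SALT = bytes.fromhex("0102030405060708")
SAMPLE_CODED_COUNT = encode_s2k_count(65011712)  # largest representable count

if __name__ == "__main__":
    key = s2k_iterated_salted(SAMPLE_PASSPHRASE, SAMPLE_SALT, SAMPLE_CODED_COUNT, 32, "sha256")
    print(f"coded 0x{SAMPLE_CODED_COUNT:02x} -> {decode_s2k_count(SAMPLE_CODED_COUNT)} octets hashed")
    print("derived key:", key.hex())
```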
