export secret subkeys

Dirk-Willem van Gulik dirkx at webweaving.org
Thu Aug 17 16:17:42 CEST 2017


> On 17 Aug 2017, at 16:06, Peter Lebbing <peter at digitalbrains.com> wrote:
> 
> On 17/08/17 15:39, Dirk-Willem van Gulik wrote:
>> # off=0 ctb=95 tag=5 hlen=3 plen=533
>> :secret key packet:
>> 	version 4, algo 1, created 1502976628, expires 0
>> 	pkey[0]: [4096 bits]
>> 	pkey[1]: [17 bits]
>> 	gnu-dummy S2K, algo: 0, simple checksum, hash: 0
>> 	protect IV:
>> 	keyid: 774BFCB80257A25B
> 
> Note "gnu-dummy S2K". This is an empty placeholder for the key material.
> An OpenPGP secret key always contains the primary key, but this is
> GnuPG's method to get away with not actually including the primary key
> nonetheless.

Thank you!

> "S2K" means "String to Key", and an S2K is a method that derives a
> cryptographic key from a passphrase. The cryptographic key is
> subsequently used to encrypt the secret key material (well, apart from
> the fact that this is a dummy that doesn't actually do that).
> 
> And an OpenPGP secret key always contains the public key as well, which
> /is/ included, in pkey[0] and pkey[1] (pkey -> public key).

Clear. So I need to figure out why paperkey outputs more than I am expecting when minimalizing.

>> :secret sub key packet:
>> 	version 4, algo 1, created 1502976632, expires 0
>> 	pkey[0]: [4096 bits]
>> 	pkey[1]: [17 bits]
>> 	iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 1B6594BA5204BCCC
>> 	protect count: 16777216 (224)
>> 	protect IV:  a0 16 38 e5 6b a0 3c f0 16 f9 a4 17 c6 ba 14 a6
>> 	skey[2]: [v4 protected]
>> 	keyid: 11A28C9369E55B8C
> 
> And this is actually secret key material. First the public key again,
> then the secret key in skey[2] (skey -> secret key). It is protected by
> the "iter+salt" S2K.
> 
> This packet will be significantly larger than the earlier packet.

Ok. And it is. Thanks for helping to narrow this down,

Kind regards,

Dw.
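
An added example, not part of the original message and not GnuPG's own code: a minimal Python parser for v4 RSA secret key packet bodies that tells the gnu-dummy placeholder apart from the iter+salt protected subkey discussed in the thread. The packet bodies are constructed with tiny stand-in MPIs and zeroed IV/ciphertext; the function names are hypothetical, and the salt and coded count (224) are the ones shown in the listing.

```python
import struct

def read_mpi(buf, pos):
    """Skip one MPI (2-byte bit count, then the value); return the next offset."""
    bits = struct.unpack_from(">H", buf, pos)[0]
    return pos + 2 + (bits + 7) // 8

def s2k_count(c):
    """Decode the coded iteration count of an iterated+salted S2K (RFC 4880, 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def classify_secret_key(body):
    """Report how a v4 RSA secret (sub)key packet body protects its secret part."""
    if body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("this example handles only v4 RSA key packets")
    pos = 6                                  # version + 4-byte created + algo
    for _ in range(2):                       # public part: pkey[0] (n), pkey[1] (e)
        pos = read_mpi(body, pos)
    usage, pos = body[pos], pos + 1
    if usage not in (254, 255):              # 0 = cleartext, else legacy cipher id
        kind = "none" if usage == 0 else "legacy"
        return {"protection": kind, "has_secret_material": True}
    cipher, s2k_type, hash_algo = body[pos:pos + 3]
    pos += 3
    info = {"cipher": cipher, "hash": hash_algo, "sha1_check": usage == 254}
    if s2k_type == 101 and body[pos:pos + 3] == b"GNU":
        # GnuPG extension: mode 1 is the dummy, mode 2 points at a smartcard.
        modes = {1: "gnu-dummy", 2: "gnu-divert-to-card"}
        info["protection"] = modes.get(body[pos + 3], "gnu-unknown")
        info["has_secret_material"] = False
    elif s2k_type == 3:
        info.update(protection="iter+salt", salt=body[pos:pos + 8].hex().upper(),
                    count=s2k_count(body[pos + 8]), has_secret_material=True)
    else:
        info.update(protection="s2k-type-%d" % s2k_type, has_secret_material=True)
    return info

# Constructed sample bodies: tiny stand-in MPIs (16-bit n, 17-bit e), not real keys.
PUB = (bytes([4]) + struct.pack(">I", 1502976628) + bytes([1])
       + struct.pack(">H", 16) + b"\xc0\x01" + struct.pack(">H", 17) + b"\x01\x00\x01")
DUMMY = PUB + bytes([255, 0, 101, 0]) + b"GNU\x01"
PROTECTED = (PUB + bytes([254, 7, 3, 2]) + bytes.fromhex("1B6594BA5204BCCC")
             + bytes([224]) + bytes(16) + bytes(32))   # zero IV and ciphertext

if __name__ == "__main__":
    for name, body in (("primary", DUMMY), ("subkey", PROTECTED)):
        print(name, classify_secret_key(body))
```

Running the same check over a real export is a quick way to confirm that a subkey-only export carries no primary secret material before the file leaves the machine.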