export secret subkeys
Dirk-Willem van Gulik
dirkx at webweaving.org
Thu Aug 17 16:17:42 CEST 2017
> On 17 Aug 2017, at 16:06, Peter Lebbing <peter at digitalbrains.com> wrote:
>
> On 17/08/17 15:39, Dirk-Willem van Gulik wrote:
>> # off=0 ctb=95 tag=5 hlen=3 plen=533
>> :secret key packet:
>> version 4, algo 1, created 1502976628, expires 0
>> pkey[0]: [4096 bits]
>> pkey[1]: [17 bits]
>> gnu-dummy S2K, algo: 0, simple checksum, hash: 0
>> protect IV:
>> keyid: 774BFCB80257A25B
>
> Note "gnu-dummy S2K". This is an empty placeholder for the key material.
> An OpenPGP secret key always contains the primary key, but this is
> GnuPG's method to get away with not actually including the primary key
> nonetheless.
Thank you!
> "S2K" means "String to Key", and an S2K is a method that derives a
> cryptographic key from a passphrase. The cryptographic key is
> subsequently used to encrypt the secret key material (well, apart from
> the fact that this is a dummy that doesn't actually do that).
>
> And an OpenPGP secret key always contains the public key as well, which
> /is/ included, in pkey[0] and pkey[1] (pkey -> public key).
Clear. So I need to figure out why paperkey outputs more than I am expecting when minimalizing.
>> :secret sub key packet:
>> version 4, algo 1, created 1502976632, expires 0
>> pkey[0]: [4096 bits]
>> pkey[1]: [17 bits]
>> iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 1B6594BA5204BCCC
>> protect count: 16777216 (224)
>> protect IV: a0 16 38 e5 6b a0 3c f0 16 f9 a4 17 c6 ba 14 a6
>> skey[2]: [v4 protected]
>> keyid: 11A28C9369E55B8C
>
> And this is actually secret key material. First the public key again,
> then the secret key in skey[2] (skey -> secret key). It is protected by
> the "iter+salt" S2K.
>
> This packet will be significantly larger than the earlier packet.
Ok. And it is. Thanks for helping to narrow this down,
Kind regards,
Dw.
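
Added example, not part of the original message and not GnuPG or paperkey code: a small Python sketch that reads the S2K fields of a v4 RSA secret (sub)key packet body and reports whether it is a "gnu-dummy" stub or carries protected key material, as in the two packets listed above. The function names and the sample bodies are assumptions; the tiny MPIs and zero filler are constructed, while the salt, count octet and IV are the ones shown in the listing.

```python
import struct

def read_mpi(buf, pos):
    """Skip one OpenPGP MPI (2-byte bit count, then the value); return the new offset."""
    bits = struct.unpack_from(">H", buf, pos)[0]
    return pos + 2 + (bits + 7) // 8

def s2k_count(c):
    """Decode the one-octet iteration count of an iter+salt S2K (RFC 4880, 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def protection(body):
    """Describe how the secret part of a v4 RSA secret (sub)key packet body is protected."""
    version, _created, algo = struct.unpack_from(">BIB", body, 0)
    if version != 4 or algo != 1:
        raise ValueError("only v4 RSA packets are handled in this sketch")
    pos = read_mpi(body, read_mpi(body, 6))   # skip pkey[0] (n) and pkey[1] (e)
    usage = body[pos]                         # 254 = SHA1 protection, 255 = simple checksum
    if usage not in (254, 255):
        return {"s2k": "none" if usage == 0 else "legacy", "has_secret": True}
    cipher, s2k_type, hash_algo = body[pos + 1:pos + 4]
    pos += 4
    if s2k_type == 101 and body[pos:pos + 3] == b"GNU":
        mode = body[pos + 3]                  # GnuPG extension: 1 = gnu-dummy, 2 = divert to card
        return {"s2k": "gnu-dummy" if mode == 1 else "gnu-ext-%d" % mode,
                "has_secret": False}
    if s2k_type == 3:                         # iter+salt: 8-byte salt, then count octet
        salt, count = body[pos:pos + 8], s2k_count(body[pos + 8])
        return {"s2k": "iter+salt", "cipher": cipher, "hash": hash_algo,
                "salt": salt.hex().upper(), "count": count,
                "sha1_check": usage == 254, "has_secret": len(body) > pos + 9}
    raise ValueError("S2K type %d not handled in this sketch" % s2k_type)

# Constructed sample bodies: tiny made-up MPIs stand in for the 4096-bit modulus.
PUB = (bytes([4]) + struct.pack(">I", 1502976628) + bytes([1])
       + b"\x00\x10\xc3\x5b" + b"\x00\x11\x01\x00\x01")
DUMMY = PUB + bytes([255, 0, 101, 0]) + b"GNU" + bytes([1])
PROTECTED = (PUB + bytes([254, 7, 3, 2]) + bytes.fromhex("1B6594BA5204BCCC")
             + bytes([224]) + bytes.fromhex("a01638e56ba03cf016f9a417c6ba14a6")
             + b"\x00" * 32)                  # zero filler in place of the encrypted skey[2]

if __name__ == "__main__":
    print(protection(DUMMY))
    print(protection(PROTECTED))
```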