Does GPG Ever Store RSA Secret Keys On The Disk In Plain?

Annie Yousar a.yousar at informatik.hu-berlin.de
Fri Dec 18 12:54:04 CET 2020 

Ángel, your answer is correct, but incomplete.

The key is not encrypted with the passphrase, but with a secret key 
derived (by S2K) from the passphrase with the help of a salt. Therefore 
each export gives different export data, despite using the same passphrase.

/Ann.

Am 18.12.2020 um 01:43 schrieb Ángel:
> On 2020-12-16 at 14:47 -0500, Novak Boškov wrote:
>> Hell everyone,
>>
>> On this link is the following statement:
>>> To help safeguard your key, GnuPG does not store your raw private
>>> key on disk. Instead it encrypts it using a symmetric encryption
>>> algorithm.
>>   However, I'm not entirely clear on what happens when I do:
>>> gpg --export-secret-keys --armor <key_id>
>>   Is the secret key block that appears on STDOUT my plain secret key
>> or is it its encrypted version?
> It is encrypted with your passphrase. You (or an attacker) will need
> the passphrase in order to use that exported secret key.
>
> Except if the secret key wasn't protected with a passphrase, in which
> case the exported key isn't, either.
>
> You can verify yourself if the key is protected or not by feeding it to
> gpg --list-packets.
>
> A key protected with a passphrase will have a packet similar to this:
> :secret sub key packet:
> 	version 4, algo 1, created 1608251624, expires 0
> 	pkey[0]: [1024 bits]
> 	pkey[1]: [17 bits]
> 	iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt:
> 1546427246151681
> 	protect count: 32505856 (239)
> 	protect IV:  eb f7 79 f8 0c cc b8 a6 e7 e4 88 c1 7b a8 0f e4
> 	skey[2]: [v4 protected]
> 	keyid: <key id>
>
>
> whereas if it didn't have a passphrase, you would see a simpler packet
> with the data directly available:
> :secret sub key packet:
> 	version 4, algo 1, created 1608251706, expires 0
> 	pkey[0]: [1024 bits]
> 	pkey[1]: [17 bits]
> 	skey[2]: [1023 bits]
> 	skey[3]: [512 bits]
> 	skey[4]: [512 bits]
> 	skey[5]: [511 bits]
> 	checksum: 9f84
> 	keyid: <key id>
>
>
>
> The confusion probably comes because it requests the passphrase before
> exporting. This didn't use to be the case (it just copied the protected
> key file), but the way gpg-agent is dealing with the private key, it
> now needs the passphrase to decrypt it, and then it is encrypted again
> with the same passphrase before being output.
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

More information about the Gnupg-users mailing list