What are the file in ~/.gnupg ?
Jacob Bachmeyer
jcb62281 at gmail.com
Sat Oct 30 03:53:05 CEST 2021
Damien Goutte-Gattat via Gnupg-users wrote:
> On Fri, Oct 29, 2021 at 04:04:11PM +0200, Romain LT via Gnupg-users
> wrote:
> [...]
>> private-keys-v1.d/
>> folder with private keys files, named afte key or subkey keygrip
>> Is there only the private key part of my own keys in this ? or
>> is there a way to obtain public+private key from one of those
>> files ?
>
> Private key only. I believe the purely “mathematical” components of
> the public key can be derived from it (though I may be wrong here),
> but that does not include the User IDs and associated signatures, that
> are necessary to make a ”full” public key – those components are in
> pubring.kbx.
You are correct: key generation for asymmetric systems involves randomly
choosing a private key and calculating the corresponding public key. The
mathematics are such that this is easy but the reverse is believed to be
computationally infeasible. There are a variety of "neat math tricks" to
make the system more efficient under various conditions, but ultimately
public keys are derived from private keys and this determines which key
is which.
For example, RSA relies on the ease of calculating a product versus the
presumed difficulty of factoring composites of two approximately
similar-magnitude primes. Either key can decrypt a message encrypted by
the other; smoothing over some mathematical and cryptographic details,
this is used for signatures by encrypting the signature with the private
key which allows the public key to decrypt (verify) it.
Again, the difference between the public and private keys is that, given
the private key the public key can be calculated, while the private key
cannot be (feasibly) calculated given the public key.
You may note that I have been very light on details; this is
intentional. If you are unclear about a basic detail like this, you will
almost certainly fall into one of numerous pitfalls that make asymmetric
systems easily breakable. Do not roll your own; use an existing
well-vetted Free program (like GPG!) instead. ***NEVER*** trust nonfree
cryptographic software: you have no way to even begin to effectively
audit such a "black box" for backdoors and the history of proprietary
encryption is exceptionally bad, ranging from simple incompetence
(proprietary algorithms tend to fall to cryptanalysis quite quickly once
they are examined) to deliberate backdoors.
-- Jacob
More information about the Gnupg-users
mailing list