What are the file in ~/.gnupg ?

Jacob Bachmeyer jcb62281 at gmail.com
Sat Oct 30 03:53:05 CEST 2021

Damien Goutte-Gattat via Gnupg-users wrote:
> On Fri, Oct 29, 2021 at 04:04:11PM +0200, Romain LT via Gnupg-users 
> wrote:
> [...]
>> private-keys-v1.d/
>> folder with private keys files, named afte key or subkey keygrip
>> Is there only the private key part of my own keys in this ? or
>> is there a way to obtain public+private key from one of those
>> files ?
> Private key only. I believe the purely “mathematical” components of 
> the public key can be derived from it (though I may be wrong here), 
> but that does not include the User IDs and associated signatures, that 
> are necessary to make a ”full” public key – those components are in 
> pubring.kbx.

You are correct: key generation for asymmetric systems involves randomly 
choosing a private key and calculating the corresponding public key. The 
mathematics are such that this is easy but the reverse is believed to be 
computationally infeasible. There are a variety of "neat math tricks" to 
make the system more efficient under various conditions, but ultimately 
public keys are derived from private keys and this determines which key 
is which.

For example, RSA relies on the ease of calculating a product versus the 
presumed difficulty of factoring composites of two approximately 
similar-magnitude primes. Either key can decrypt a message encrypted by 
the other; smoothing over some mathematical and cryptographic details, 
this is used for signatures by encrypting the signature with the private 
key which allows the public key to decrypt (verify) it.

Again, the difference between the public and private keys is that, given 
the private key the public key can be calculated, while the private key 
cannot be (feasibly) calculated given the public key.

You may note that I have been very light on details; this is 
intentional. If you are unclear about a basic detail like this, you will 
almost certainly fall into one of numerous pitfalls that make asymmetric 
systems easily breakable. Do not roll your own; use an existing 
well-vetted Free program (like GPG!) instead. ***NEVER*** trust nonfree 
cryptographic software: you have no way to even begin to effectively 
audit such a "black box" for backdoors and the history of proprietary 
encryption is exceptionally bad, ranging from simple incompetence 
(proprietary algorithms tend to fall to cryptanalysis quite quickly once 
they are examined) to deliberate backdoors.

-- Jacob

More information about the Gnupg-users mailing list