Backup of GPG private keys?

Ángel angel at
Sun Jan 30 04:25:24 CET 2022

On 2022-01-28 at 08:18 +0100, Werner Koch wrote:
> The problem here is that the public parts of the encrypted private
> parts are not authenticated and by modifying the public parts and
> tricking the user to import such a modified backup, information about
> the secret key can be revealed.

I'm a bit confused by this claim, Werner. 

Say you fetch your key backup from Mallory's safe, and take it to your
basement. The import wouldn't be an online process with timing leaks.
The feedback that Mallory might get is his friend at the door blaming
him for providing a tampered backup.

The private part wouldn't be modifiable without the passphrase. And if
the public part was changed, it would no longer match the secret part
(or it could match the secret key, but have a different creation
timestamp and be effectively a different key than the one you were
expecting to restore), so it should get rejected. And pubkey with a
prime of 1 shall be invalid.
Some preferences could be added/stripped from the public key
(undesirable), but that's far from revealing information from the
secret key.

Could you elaborate? I am surely missing something.

Best regards

More information about the Gnupg-users mailing list