Do PGP private key blocks "contain" the public key as well?

13

2

I've noticed that if I import my ASCII-armored PGP private key into an otherwise empty GnuPG keyring (by deleting ~/.gnupg beforehand), the keyring contains both the public and private keys. Also, the ASCII-armored private key block is around twice the size of my public key counterpart, which leads me to believe that the private key block contains both the private and public keys, whereas the public key block only contains the latter.

Since I've created my key, until now, I've backed up my keys with one file containing my exported private key block, and another with my exported public key block. Is my public key block backup redundant, and am I therefore safe just keeping the private key file?

I use this command to create the private key file:

gpg --export-secret-keys -a > private

and this command to create the public key file:

gpg --export -a > public

Delan Azabani

Posted 2012-06-09T11:23:52.767

Reputation: 976

1

For someone to answer your question you would need to add the commands you use to export your keys. The answer is probably in that. But what would you gain by not exporting the public key? I'd say leave it in your backup routine, it doesn't cost anything and for every purpose where you need only the public key you already have it available. – Bram – 2012-06-09T11:33:53.673

Thanks Bram; I've edited the question for extra clarity. And yes, saving ~3 KB has no real benefit, I'm merely curious. – Delan Azabani – 2012-06-09T11:37:10.723

Answers

15

Yes, the OpenPGP "secret key" and "secret subkey" packets contain both public and private parameters. You can verify this by using pgpdump to examine the exported key:

$ gpg --export-secret-key grawity | pgpdump
Old: Secret Key Packet(tag 5)(1854 bytes)
    Ver 4 - new
    Public key creation time - Sat Oct 31 14:54:03 EET 2009
    Pub alg - RSA Encrypt or Sign(pub 1)
    RSA n(4096 bits) - ...
    RSA e(17 bits) - ...
    Sym alg - CAST5(sym 3)
    Iterated and salted string-to-key(s2k 3):
        Hash alg - SHA1(hash 2)
        Salt - 12 24 0f e1 5b 7e e2 46 
        Count - 65536(coded count 96)
    IV - 91 a3 44 71 47 87 a4 ba 
    Encrypted RSA d
    Encrypted RSA p
    Encrypted RSA q
    Encrypted RSA u
    Encrypted SHA1 hash

This is true for most asymmetric key systems, not just OpenPGP.

user1686

Posted 2012-06-09T11:23:52.767

Reputation: 283 655

I don't think that it's true for PEM-encoded RSA PUBLIC KEY and RSA SECRET KEY blocks. – vy32 – 2016-04-07T19:20:03.993

2

@vy32: Those are not OpenPGP keys so it's irrelevant. But, it's still true for those as well. (Note how openssl genrsa outputs only the "private" block, so the public block can be derived from it.) You can examine them yourself: openssl genrsa 512 | openssl asn1parse -i. Or check RFC 3447 Appendix A which clearly shows modulus & publicExponent in the RSAPrivateKey structure.

– user1686 – 2016-04-07T20:38:34.100
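The packet layout shown in the pgpdump output of the answer above, as an added example that is not part of the original thread: a small parser that splits a v4 RSA Secret Key packet into the bytes that form the public key and the protected secret remainder. The function names, the toy 12-bit modulus and the sample packet are constructed for illustration, and only old-format packet headers are handled.

```python
import hashlib
import struct

def mpi(x):
    """Encode an integer as an OpenPGP MPI (2-byte bit count + magnitude)."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def read_mpi(buf, pos):
    """Decode one MPI at pos; return (value, offset just past it)."""
    bits = struct.unpack_from(">H", buf, pos)[0]
    end = pos + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[pos + 2:end], "big"), end

def split_secret_key_packet(packet):
    """Split an old-format v4 RSA Secret Key packet into its public and secret parts."""
    ctb = packet[0]
    if ctb & 0xC0 != 0x80 or (ctb >> 2) & 0x0F != 5:
        raise ValueError("not an old-format Secret Key packet (tag 5)")
    len_size = {0: 1, 1: 2, 2: 4}.get(ctb & 0x03)
    if len_size is None:
        raise ValueError("indeterminate-length packets are not handled")
    body = packet[1 + len_size:]
    if len(body) != int.from_bytes(packet[1:1 + len_size], "big"):
        raise ValueError("length header does not match body")
    version, created, alg = struct.unpack_from(">BIB", body, 0)
    if version != 4 or alg not in (1, 2, 3):
        raise ValueError("only v4 RSA keys are handled")
    n, pos = read_mpi(body, 6)
    e, pos = read_mpi(body, pos)
    # Everything before pos is byte-for-byte a Public Key packet body (tag 6).
    public_packet = b"\x99" + struct.pack(">H", pos) + body[:pos]
    return {
        "n": n, "e": e, "created": created,
        "public_packet": public_packet,
        # A v4 fingerprint is SHA-1 over exactly these bytes.
        "fingerprint": hashlib.sha1(public_packet).hexdigest(),
        "secret_part": body[pos:],  # S2K usage octet, S2K specifier, IV, ciphertext
    }

# Constructed sample: toy 12-bit modulus, fields ordered as in the pgpdump output.
_public = bytes([4]) + struct.pack(">I", 1256993643) + bytes([1]) + mpi(3233) + mpi(17)
_secret = bytes([254, 3, 3, 2]) + bytes(8) + bytes([96]) + bytes(8) + bytes(24)
SAMPLE_PACKET = b"\x95" + struct.pack(">H", len(_public + _secret)) + _public + _secret

if __name__ == "__main__":
    key = split_secret_key_packet(SAMPLE_PACKET)
    print("n =", key["n"], "e =", key["e"], "fingerprint =", key["fingerprint"])
    print("secret part starts with S2K usage octet", key["secret_part"][0])
```

Because the public fields sit unencrypted at the front of the packet, the public key and its fingerprint can be recovered from a secret key backup without the passphrase.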