Re: PGP scripting...

From: Brian Hatch (secprogat_private)
Date: Thu Jan 09 2003 - 07:57:19 PST

    >>The public key is derived from the private key. Anyone in possession of the
    >>private key is by definition also in possession of the public key. The same
    >>is not true in reverse, a party can possess the public key without the
    >>ability to (reasonably) discover the matching private key.
    
    > Not true, there is no relation between the keys in that way, you can't find
    > one key from the other in any order. The only difference between the keys is
    > that you keep the private key secret. Either key can be used to
    > encrypt/decrypt messages. Here is an Algorithm for finding the public and
    > private keys:
    
    It is true, you can't algorithmically derive one from the other.
    However OpenPGP secrets contain the public key in the private
    keyring just in case.
    
    From http://www.gnupg.org/(en)/documentation/faqs.html#q4.21
    
    --------
    
    4.21) I still have my secret key, but lost my public key. What can I do?
    
       All OpenPGP secret keys have a copy of the public key inside them,
    and in a worst-case scenario, you can create yourself a new public key
    using the secret key.
    
       A tool to convert a secret key into a public one has been included
    (it's actually a new option for gpgsplit) and is available with GnuPG
    versions 1.2.1 or later (or can be found in CVS). It works like this:
    
       $ gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg
    
       One should first try to export the secret key and convert just this
    one. Using the entire secret keyring should work too.  After this has
    been done, the publickey.gpg file can be imported into GnuPG as usual.
    
    --------
    
    
    So yes, having only the private *keyring* you can recover the
    public key.
    
    
    
    
    --
    Brian Hatch                  "Wonderful lady.  Talks
       Systems and                more and says less than
       Security Engineer          anyone I've ever met."
    www.hackinglinuxexposed.com
    
    Every message PGP signed
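The packet layout behind the quoted FAQ entry, as an added example that is not part of the original message and is not gpgsplit's code: in the OpenPGP v4 format (RFC 4880, section 5.5.3) a secret-key packet body begins with the same fields as the public-key packet, so the public packet can be rebuilt by cutting the body after the last public MPI and re-tagging it. The function names and the toy packet are constructed for illustration, and only v4 RSA, Elgamal and DSA keys with short length headers are assumed.

```python
import struct

PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA, Elgamal, DSA (RFC 4880 5.5.2)
PUBLIC_TAG = {5: 6, 7: 14}                      # secret key -> public key, subkeys too

def read_header(data):
    """Return (tag, body_offset, body_length) of the packet at the start of data."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                             # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224:
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        raise ValueError("five-octet and partial body lengths not handled")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled")
    return tag, 1 + (1 << ltype), int.from_bytes(data[1:1 + (1 << ltype)], "big")

def public_body(body):
    """Return the public fields that lead a v4 secret-key packet body."""
    version, _created, algo = struct.unpack(">BIB", body[:6])
    if version != 4 or algo not in PUBLIC_MPIS:
        raise ValueError("only v4 RSA/Elgamal/DSA keys handled")
    pos = 6
    for _ in range(PUBLIC_MPIS[algo]):           # MPI = 2-octet bit count + magnitude
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    if pos > len(body):
        raise ValueError("truncated key material")
    return body[:pos]

def secret_to_public(packet):
    """Rebuild a public-key packet (old-format header) from a secret-key packet."""
    tag, off, length = read_header(packet)
    if tag not in PUBLIC_TAG:
        raise ValueError("not a secret-key packet")
    pub = public_body(packet[off:off + length])
    return bytes([0x80 | (PUBLIC_TAG[tag] << 2) | 1]) + struct.pack(">H", len(pub)) + pub

def mpi(n):                                      # encode an integer as an OpenPGP MPI
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")
# Constructed toy packet (n=3233, e=17, unprotected secret part); not a usable key.
PUB = struct.pack(">BIB", 4, 0x3E1D9A00, 1) + mpi(3233) + mpi(17)
SEC = mpi(2753) + mpi(61) + mpi(53) + mpi(20)
BODY = PUB + b"\x00" + SEC + struct.pack(">H", sum(SEC) & 0xFFFF)
SECRET_PACKET = bytes([0x95]) + struct.pack(">H", len(BODY)) + BODY
```

Nothing after the public MPIs (S2K usage octet, secret MPIs, checksum) is read, so the conversion works the same whether or not the secret part is passphrase-protected.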
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 18:24:22 PST