Damien Goutte-Gattat via Gnupg-users wrote:
On Fri, Oct 29, 2021 at 04:04:11PM +0200, Romain LT via Gnupg-users
wrote:
[...]
private-keys-v1.d/
folder with private keys files, named afte key or subkey keygrip
Is there only the private key part of my own keys in this ? or
is there a way to obtain public+private key from one of those
files ?
Private key only. I believe the purely “mathematical” components of
the public key can be derived from it (though I may be wrong here),
but that does not include the User IDs and associated signatures, that
are necessary to make a ”full” public key – those components are in
pubring.kbx.
You are correct: key generation for asymmetric systems involves randomly
choosing a private key and calculating the corresponding public key. The
mathematics are such that this is easy but the reverse is believed to be
computationally infeasible. There are a variety of "neat math tricks" to
make the system more efficient under various conditions, but ultimately
public keys are derived from private keys and this determines which key
is which.
For example, RSA relies on the ease of calculating a product versus the
presumed difficulty of factoring composites of two approximately
similar-magnitude primes. Either key can decrypt a message encrypted by
the other; smoothing over some mathematical and cryptographic details,
this is used for signatures by encrypting the signature with the private
key which allows the public key to decrypt (verify) it.
Again, the difference between the public and private keys is that, given
the private key the public key can be calculated, while the private key
cannot be (feasibly) calculated given the public key.
You may note that I have been very light on details; this is
intentional. If you are unclear about a basic detail like this, you will
almost certainly fall into one of numerous pitfalls that make asymmetric
systems easily breakable. Do not roll your own; use an existing
well-vetted Free program (like GPG!) instead. ***NEVER*** trust nonfree
cryptographic software: you have no way to even begin to effectively
audit such a "black box" for backdoors and the history of proprietary
encryption is exceptionally bad, ranging from simple incompetence
(proprietary algorithms tend to fall to cryptanalysis quite quickly once
they are examined) to deliberate backdoors.
-- Jacob
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
