Re: PGP scripting...

From: Brian Hatch (secprog@ifokr.org)
Date: 01/09/03

    Date: Thu, 9 Jan 2003 07:57:19 -0800
    From: Brian Hatch <secprog@ifokr.org>
    To: Tom Arseneault <TArseneault@counterpane.com>
    
    
    

    >>The public key is derived from the private key. Anyone in possession of the
    >>private key is by definition also in possession of the public key. The same
    >>is not true in reverse, a party can possess the public key without the
    >>ability to (reasonably) discover the matching private key.

    > Not true, there is no relation between the keys in that way, you can't find
    > one key from the other in any order. The only difference between the keys is
    > that you keep the private key secret. Either key can be used to
    > encrypt/decrypt messages. Here is an Algorithm for finding the public and
    > private keys:

    It is true, you can't algorithmically derive one from the other.
    However, OpenPGP secrets contain the public key in the private
    keyring just in case.

    From http://www.gnupg.org/(en)/documentation/faqs.html#q4.21

    --------

    4.21) I still have my secret key, but lost my public key. What can I do?

       All OpenPGP secret keys have a copy of the public key inside them,
    and in a worst-case scenario, you can create yourself a new public key
    using the secret key.

       A tool to convert a secret key into a public one has been included
    (it's actually a new option for gpgsplit) and is available with GnuPG
    versions 1.2.1 or later (or can be found in CVS). It works like this:

       $ gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg

       One should first try to export the secret key and convert just this
    one. Using the entire secret keyring should work too. After this has
    been done, the publickey.gpg file can be imported into GnuPG as usual.

    --------

    So yes, having only the private *keyring* you can recover the
    public key.

    --
    Brian Hatch                  "Wonderful lady.  Talks
       Systems and                more and says less than
       Security Engineer          anyone I've ever met."
    www.hackinglinuxexposed.com
    Every message PGP signed
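
The packet layout the FAQ answer relies on, as an added example that is not part of the original message and is not GnuPG's code: per RFC 4880, a version 4 Secret-Key packet starts with the same fields as the Public-Key packet, so the public packet can be rebuilt by cutting the body after the public MPIs and changing the tag. The helper names and the toy RSA key are constructed for illustration, and only old-format packet headers with unencrypted sample material are handled.

```python
import struct

# Number of public MPIs per public-key algorithm id (RFC 4880, section 5.5.2).
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}
# Secret-Key (5) -> Public-Key (6), Secret-Subkey (7) -> Public-Subkey (14).
SECRET_TO_PUBLIC_TAG = {5: 6, 7: 14}

def read_old_packet(data):
    """Parse one old-format packet header; return (tag, body)."""
    ctb = data[0]
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    if not ctb & 0x80 or ctb & 0x40 or length_type == 3:
        raise ValueError("only old-format, definite-length packets handled")
    size = 1 << length_type                      # 1, 2 or 4 length octets
    length = int.from_bytes(data[1:1 + size], "big")
    body = data[1 + size:1 + size + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def write_old_packet(tag, body):
    """Emit an old-format packet with a two-octet length."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def secret_to_public(packet):
    """Return the public-key packet embedded in a v4 secret-key packet."""
    tag, body = read_old_packet(packet)
    if tag not in SECRET_TO_PUBLIC_TAG:
        raise ValueError("not a secret-key packet")
    version, algo = body[0], body[5]
    if version != 4 or algo not in PUBLIC_MPI_COUNT:
        raise ValueError("only v4 RSA, Elgamal and DSA keys handled")
    pos = 6                                      # version + 4-byte time + algo
    for _ in range(PUBLIC_MPI_COUNT[algo]):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8               # MPI = bit count + magnitude
    # Everything after pos is secret material (S2K usage, d, p, q, u, checksum).
    return write_old_packet(SECRET_TO_PUBLIC_TAG[tag], body[:pos])

def mpi(n):  # helper for building the constructed sample below
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed toy RSA key (n = 53 * 61, far too small for real use), unencrypted.
PUBLIC_PART = bytes([4]) + struct.pack(">I", 1042127839) + bytes([1]) + mpi(3233) + mpi(17)
SECRET_MPIS = mpi(2753) + mpi(53) + mpi(61) + mpi(38)          # d, p, q, u
SECRET_PART = bytes([0]) + SECRET_MPIS + struct.pack(">H", sum(SECRET_MPIS) & 0xFFFF)
SAMPLE_SECRET = write_old_packet(5, PUBLIC_PART + SECRET_PART)
```

Calling `secret_to_public(SAMPLE_SECRET)` returns a tag 6 packet whose body is exactly `PUBLIC_PART`; none of the secret MPIs are carried over.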
    
    

