Reputation: 377
Delete public key from Private for Private key storage with GPG
I'm trying to make a paper based backup of a 4092 bit secret/private PGP key using a QR code generator, but the key is just too big. I'm going to go low tech here and split it into two pieces, but perhaps I don't need to. I know that when exporting the secret key, it also exports the public key embedded within it.
Is there any way to remove the public portion of the key from that file, or prior to exporting, so that the resulting file is only the private key?
I'm not certain the resulting file will be small enough still, but it is worth a shot.
D:\Users\tharding>gpg --edit-key "04EAC14C"
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/04EAC14C created: 2015-02-11 expires: never usage: SCE
trust: unknown validity: unknown
[ unknown] (1). Timothy Harding <[email protected]>
gpg> key 1
No subkey with index 1
gpg> delkey
You must select at least one key.
gpg> delkey 0
You must select at least one key.
Update: From what I can tell, (looking at the ASCII Armored output for both the public key and the private key) it looks like they are structured this way:
Update 2:
Looked at the files again, and this is what I've got, I haven't pulled out a hex editor yet to verify the non armored files, but I've found surprisingly little help online about how these key files are internally structured:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version:
4 header chars ??
1517 pub key chars
4 footer chars ??
-----END PGP PUBLIC KEY BLOCK-----
and
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version:
4 different header chars from pub key ??
700 pub key chars
1772 private key chars (possibly some header/footer to do with the symmetric cipher)
817 pub key chars (same total 1517, exact same ASCII sequence if put together)
4 different footer chars from pub key ??
-----END PGP PRIVATE KEY BLOCK-----
Update 3: Took a look at the binary pub/private keys and found that:
- public key is 1138 bytes
- 4 unique bytes
- 1134 bytes found in private key as well
- private key is 2467 bytes
- 4 unique bytes
- 524 of which are found verbatim in the public key
- 1329 of which are unique to the private key
- 38 bytes which are found verbatim in the public key (key name & Email address)
- 572 bytes which are found verbatim in the public key
Upvotes: 3
Views: 2389
Answers (1)
Reputation: 5393
There is a program called Paperkey[1], written by David Shaw[2], that extracts only the private key information from an exported OpenPGP private key.
Excerpt from the package description:
extract just the secret information out of OpenPGP secret keys
The Paperkey page has a version already built for Windows 32bit, and provides the source to compile on Linux, Unix, *BSD and OSX.
Paperkey is also available via the package manager on some Linux/BSD distributions.
Example package manager installs -
apt (debian) -
apt-get install paperkey
yum (redhat)
yum install paperkey
pkg (bsd)
pkg install paperkey
ports (bsd)
cd /usr/ports/security/paperkey
make install clean
Upvotes: 2
Related Questions
- How to delete GPG keys no longer needed?
- (gnupg) Which is the public and which is the private key in this pair?
- GPG unable to delete secret key
- Overwrite private key in Go
- How the correct way to revoke GPG on key server?
- How to gpg encrypt with ssh public key?
- GnuPG encrypt with private key
- how to encrypt a file using private key in gpg
- Using python gnupg, my private key is being read in as a public key
- gnupg decryption using public key provided by the vendor