Reputation: 11
I would like to encrypt / decrypt data with RSA, so I generated a new key pair with PGP.
gpg --full-generate-key
gpg (GnuPG) 2.3.7; Copyright (C) 2021 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Bitte wählen Sie, welche Art von Schlüssel Sie möchten:
(1) RSA und RSA
(2) DSA und Elgamal
(3) DSA (nur signieren)
(4) RSA (nur signieren)
(9) ECC (signieren, verschlüsseln) *standard*
(10) ECC (nur signieren)
(14) Vorhandener Schlüssel auf der Karte
Ihre Auswahl? 1
When I export the key with:
gpg --export-secret-key --armor --output mykey.asc
I get this kind of file:
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQcYBGLoxDcBEACavJOlQvSY9g+bjHgzMSOOnTQ+pgMukFPsUUDIXZZkT/YVcgn7
...
This is a GPG Key, not an RSA Key. Or at least not the pure RSA Key.
For example, if I use openssl to generate the RSA key:
openssl genrsa -out private.pem 2048
This key now has the typical RSA Signature at the beginning.
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBWbLfGcMBn4fu
So the question is: how can I export the pure RSA (public) key from the GPG keychain? The reason I can't just use the OpenSSL keys is that I want to store the private key on a smart card like a YubiKey, and I can only do that with the GPG module.
Upvotes: 1
Views: 2037
Reputation: 958
gpg (GnuPG) implements the so-called "hybrid encryption", where an asymmetric key (e.g. an RSA public/private key pair) is used to encrypt a symmetric key (e.g. AES256) that is used to encrypt your data.
Normally an asymmetric key (RSA) is not used directly to encrypt the data (it's very slow if the data is large). But if for some reason you really want to do it, you'll need a low-level library like pycryptodome, where you have more freedom to pick and choose your key and cipher.
Upvotes: 0
Reputation: 14160
OpenPGP (and GnuPG as an implementation of the OpenPGP standard) uses its own key format, which is not the raw RSA PKCS#1 key used by openssl. If you need a raw key, you should generate it with openssl.
Upvotes: 1
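The answers above point out that OpenPGP wraps RSA keys in its own packet format. The following is an added example, not code from either answer: it reads the RSA modulus `n` and public exponent `e` out of the public-key packets defined in RFC 4880. It assumes binary (not `--armor`) output of `gpg --export` and version 4 keys; the function names and the sample bytes are constructed for illustration.

```python
import struct

def packets(data):
    """Yield (tag, body) per packet of a binary OpenPGP stream (RFC 4880, 4.2)."""
    off = 0
    while off < len(data):
        hdr = data[off]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[off + 1]
            if first < 192:
                length, off = first, off + 2
            elif first < 224:
                length, off = ((first - 192) << 8) + data[off + 2] + 192, off + 3
            elif first == 255:
                length, off = struct.unpack_from(">I", data, off + 2)[0], off + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            length = int.from_bytes(data[off + 1:off + 1 + size], "big")
            off += 1 + size
        if off + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[off:off + length]
        off += length

def read_mpi(buf, off):
    """Read an MPI: 2-byte bit count, then the big-endian magnitude."""
    nbytes = (struct.unpack_from(">H", buf, off)[0] + 7) // 8
    if off + 2 + nbytes > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[off + 2:off + 2 + nbytes], "big"), off + 2 + nbytes

def rsa_public_numbers(data):
    """Return [(tag, n, e)] for v4 RSA key packets (tag 6 primary, 14 subkey)."""
    found = []
    for tag, body in packets(data):
        if tag in (6, 14) and len(body) > 6 and body[0] == 4 and body[5] in (1, 2, 3):
            n, off = read_mpi(body, 6)      # modulus
            e, _ = read_mpi(body, off)      # public exponent
            found.append((tag, n, e))
    return found

# Constructed sample, toy numbers: primary key n=3233, subkey n=2773, both e=17
SAMPLE = bytes.fromhex("99000d 04 00000000 01 000c 0ca1 0005 11"
                       "b9000d 04 00000000 01 000c 0ad5 0005 11")
```

With a key generated via option (1) "RSA und RSA", the tag 14 entry is the encryption subkey; its `n` and `e` can be handed to a library such as pycryptodome to build a raw RSA public key.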