Do PGP private key blocks "contain" the public key as well?
I've noticed that if I import my ASCII-armored PGP private key into an otherwise empty GnuPG keyring (by deleting ~/.gnupg beforehand), the keyring contains both the public and private keys. Also, the ASCII-armored private key block is around twice the size of my public key counterpart, which leads me to believe that the private key block contains both the private and public keys, whereas the public key block only contains the latter.
Since I've created my key, until now, I've backed up my keys with one file containing my exported private key block, and another with my exported public key block. Is my public key block backup redundant, and am I therefore safe just keeping the private key file?
I use this command to create the private key file:

    gpg --export-secret-keys -a > private

and this command to create the public key file:

    gpg --export -a > public

Solution 1:
Yes, the OpenPGP "secret key" and "secret subkey" packets contain both public and private parameters. You can verify this by using pgpdump to examine the exported key:

    $ gpg --export-secret-key grawity | pgpdump
    Old: Secret Key Packet(tag 5)(1854 bytes)
        Ver 4 - new
        Public key creation time - Sat Oct 31 14:54:03 EET 2009
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(4096 bits) - ...
        RSA e(17 bits) - ...
        Sym alg - CAST5(sym 3)
        Iterated and salted string-to-key(s2k 3):
            Hash alg - SHA1(hash 2)
            Salt - 12 24 0f e1 5b 7e e2 46
            Count - 65536(coded count 96)
        IV - 91 a3 44 71 47 87 a4 ba
        Encrypted RSA d
        Encrypted RSA p
        Encrypted RSA q
        Encrypted RSA u
        Encrypted SHA1 hash

This is true for most asymmetric key systems, not just OpenPGP.
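
The packet layout in the pgpdump output above can be checked in code. The following is an added example, not part of the original answer: it rebuilds a Public Key packet (tag 6) from a version 4 RSA Secret Key packet (tag 5) by copying the fields that precede the string-to-key usage octet, without touching the secret parameters. The function names and the toy key are constructed for illustration, and only old-format packet headers are handled.

```python
import hashlib
import struct

def mpi(x):
    """Encode an integer as an OpenPGP MPI (2-byte bit count + big-endian bytes)."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def skip_mpi(buf, off):
    """Return the offset just past the MPI that starts at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI")
    end = off + 2 + (struct.unpack(">H", buf[off:off + 2])[0] + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return end

def read_packet(data):
    """Parse one old-format packet (1-, 2- or 4-byte length); return (tag, body)."""
    if not data or (data[0] & 0xC0) != 0x80 or (data[0] & 0x03) == 3:
        raise ValueError("unsupported packet header")
    n = 1 << (data[0] & 0x03)                    # size of the length field
    length = int.from_bytes(data[1:1 + n], "big")
    body = data[1 + n:1 + n + length]
    if len(data) < 1 + n or len(body) != length:
        raise ValueError("truncated packet")
    return (data[0] >> 2) & 0x0F, body

def public_from_secret(packet):
    """Rebuild the Public Key packet (tag 6) from a v4 RSA Secret Key packet (tag 5)."""
    tag, body = read_packet(packet)
    if tag != 5 or len(body) < 6 or body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("expected a v4 RSA secret key packet")
    end = skip_mpi(body, skip_mpi(body, 6))      # past RSA n and RSA e
    pub_body = body[:end]                        # everything before the S2K usage octet
    return b"\x99" + struct.pack(">H", len(pub_body)) + pub_body

def fingerprint(public_packet):
    """v4 fingerprint: SHA-1 over 0x99, 2-byte length, public key body."""
    return hashlib.sha1(public_packet).hexdigest().upper()

def sample_secret_packet():
    """Constructed toy key (p=61, q=53), secret part stored unencrypted (S2K usage 0)."""
    p, q, e, d = 61, 53, 17, 2753
    pub = struct.pack(">BIB", 4, 1000000000, 1) + mpi(p * q) + mpi(e)
    sec = mpi(d) + mpi(p) + mpi(q) + mpi(pow(p, -1, q))
    body = pub + b"\x00" + sec + struct.pack(">H", sum(sec) % 65536)
    return b"\x95" + struct.pack(">H", len(body)) + body, pub

if __name__ == "__main__":
    secret, pub = sample_secret_packet()
    print(fingerprint(public_from_secret(secret)))
```

Because the public fields sit in front of the S2K specifier, the same extraction works when the secret parameters are passphrase-encrypted, as they are in the dump above.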