On 17/08/17 15:39, Dirk-Willem van Gulik wrote:
> # off=0 ctb=95 tag=5 hlen=3 plen=533
> :secret key packet:
>     version 4, algo 1, created 1502976628, expires 0
>     pkey[0]: [4096 bits]
>     pkey[1]: [17 bits]
>     gnu-dummy S2K, algo: 0, simple checksum, hash: 0
>     protect IV:
>     keyid: 774BFCB80257A25B

Note "gnu-dummy S2K". This is an empty placeholder for the key material. An
OpenPGP secret key always contains the primary key, but this is GnuPG's method
to get away with not actually including the primary key nonetheless.

"S2K" means "String to Key", and an S2K is a method that derives a
cryptographic key from a passphrase. The cryptographic key is subsequently used
to encrypt the secret key material (well, apart from the fact that this is a
dummy that doesn't actually do that).

And an OpenPGP secret key always contains the public key as well, which /is/
included, in pkey[0] and pkey[1] (pkey -> public key).

> :secret sub key packet:
>     version 4, algo 1, created 1502976632, expires 0
>     pkey[0]: [4096 bits]
>     pkey[1]: [17 bits]
>     iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 1B6594BA5204BCCC
>     protect count: 16777216 (224)
>     protect IV: a0 16 38 e5 6b a0 3c f0 16 f9 a4 17 c6 ba 14 a6
>     skey[2]: [v4 protected]
>     keyid: 11A28C9369E55B8C

And this is actually secret key material. First the public key again, then the
secret key in skey[2] (skey -> secret key). It is protected by the "iter+salt"
S2K. This packet will be significantly larger than the earlier packet.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
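
The distinction described in the message above can be checked mechanically. The following is an added example, not part of the original post or of GnuPG: it reads a packet listing in the textual form quoted in the post and reports, per secret (sub)key packet, whether it is a gnu-dummy stub or carries protected secret material, and it re-derives the "protect count" from its coded octet. The function names classify and s2k_count are hypothetical, and the listing format is assumed to match the one quoted.

```python
import re

# Listing lines copied from the quoted post above (packet listing output).
LISTING = """\
# off=0 ctb=95 tag=5 hlen=3 plen=533
:secret key packet:
    version 4, algo 1, created 1502976628, expires 0
    pkey[0]: [4096 bits]
    pkey[1]: [17 bits]
    gnu-dummy S2K, algo: 0, simple checksum, hash: 0
    protect IV:
    keyid: 774BFCB80257A25B
:secret sub key packet:
    version 4, algo 1, created 1502976632, expires 0
    pkey[0]: [4096 bits]
    pkey[1]: [17 bits]
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 1B6594BA5204BCCC
    protect count: 16777216 (224)
    protect IV: a0 16 38 e5 6b a0 3c f0 16 f9 a4 17 c6 ba 14 a6
    skey[2]: [v4 protected]
    keyid: 11A28C9369E55B8C
"""

def s2k_count(coded):
    """Decode the one-octet iteration count of an iterated+salted S2K (RFC 4880, 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def classify(listing):
    """Return one dict per secret (sub)key packet: kind, keyid, s2k, has_secret, count_ok."""
    packets, cur = [], None
    for line in listing.splitlines():
        line = line.strip()
        m = re.match(r":secret (sub )?key packet:", line)
        if m:
            cur = {"kind": "subkey" if m.group(1) else "primary", "keyid": None,
                   "s2k": None, "has_secret": False, "count_ok": None}
            packets.append(cur)
        elif cur is None or line.startswith(":"):
            cur = None if line.startswith(":") else cur  # other packet type: stop collecting
        elif m := re.match(r"([\w+-]+) S2K,", line):
            cur["s2k"] = m.group(1)            # e.g. "gnu-dummy" or "iter+salt"
        elif m := re.match(r"protect count: (\d+) \((\d+)\)", line):
            cur["count_ok"] = s2k_count(int(m.group(2))) == int(m.group(1))
        elif line.startswith("skey["):
            cur["has_secret"] = True           # secret key material is present
        elif line.startswith("keyid:"):
            cur["keyid"] = line.split()[1]
    return packets
```

For the listing in the post, classify(LISTING) reports the primary key 774BFCB80257A25B as a gnu-dummy stub without secret material and the subkey 11A28C9369E55B8C as iter+salt protected with secret material present.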
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users