
I'm trying to make a paper-based backup of a 4092 bit secret/private PGP key using a QR code generator, but the key is just too big. I'm going to go low tech here and split it into two pieces, but perhaps I don't need to. I know that when exporting the secret key, it also exports the public key embedded within it.

Is there any way to remove the public portion of the key from that file, or prior to exporting, so that the resulting file is only the private key?

I'm not certain the resulting file will be small enough still, but it is worth a shot.

D:\Users\tharding>gpg --edit-key "04EAC14C"
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/04EAC14C  created: 2015-02-11  expires: never       usage: SCE
                     trust: unknown       validity: unknown
[ unknown] (1). Timothy Harding <hardingt@gmail.com>

gpg> key 1
No subkey with index 1

gpg> delkey
You must select at least one key.

gpg> delkey 0
You must select at least one key.

Update: From what I can tell, (looking at the ASCII Armored output for both the public key and the private key) it looks like they are structured this way:

GPG ASCII Armored Key File Format

Update 2:

Looked at the files again, and this is what I've got, I haven't pulled out a hex editor yet to verify the non armored files, but I've found surprisingly little help online about how these key files are internally structured:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 

4    header chars ??
1517 pub key chars
4    footer chars ??
-----END PGP PUBLIC KEY BLOCK-----

and

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version:

4    different header chars from pub key ??
700  pub key chars
1772 private key chars (possibly some header/footer to do with the symmetric cipher)
817  pub key chars (same total 1517, exact same ASCII sequence if put together)
4    different footer chars from pub key ??
-----END PGP PRIVATE KEY BLOCK-----

Update 3: Took a look at the binary pub/private keys and found that:

  • public key is 1138 bytes
    • 4 unique bytes
    • 1134 bytes found in private key as well
  • private key is 2467 bytes
    • 4 unique bytes
    • 524 of which are found verbatim in the public key
    • 1329 of which are unique to the private key
    • 38 bytes which are found verbatim in the public key (key name & Email address)
    • 572 bytes which are found verbatim in the public key
Timothy Harding
  • Just wondering - too big for what, exactly? Is there any problem with printing on several pages in an OCR-friendly font? (Note from bitter experience: make sure you choose a font where the zero and letter O can be distinguished by your OCR software...) – Paul M Furley Mar 02 '15 at 18:09
  • Too big for a QR code. I'm not printing out ASCII (which is certainly an option), I'm trying to fit a 4096 bit private key in a single QR code. QR codes are big enough for a single 4096 bit key, but not for both the private and the public key (which is automatically included with the private key). – Timothy Harding Mar 03 '15 at 19:59
  • Ah, apologies, it appears I didn't read your question :) – Paul M Furley Mar 04 '15 at 11:21

1 Answer

There is a program called Paperkey, written by David Shaw, that extracts only the private key information from an exported OpenPGP private key.

Excerpt from the package description:

extract just the secret information out of OpenPGP secret keys

The Paperkey page has a version already built for Windows 32bit, and provides the source to compile on Linux, Unix, *BSD and OSX.

Paperkey is also available via the package manager on some Linux/BSD distributions.

Example package manager installs:

apt (Debian):

apt-get install paperkey

yum (Red Hat):

yum install paperkey

pkg (BSD):

pkg install paperkey

ports (BSD):

cd /usr/ports/security/paperkey
make install clean
kylehuff
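To see where the public bytes sit inside an exported secret key, the following added example (not from the original posts and not Paperkey's own code) walks the packets of a binary, non-armored export as laid out in RFC 4880 and reports, per packet, how many body bytes are public fields and how many are secret material. The names `read_packets`, `public_prefix_len`, `breakdown` and `SAMPLE` are chosen for this example; `SAMPLE` is a constructed toy packet stream, not a real key, and only version 4 RSA, Elgamal and DSA keys are handled.

```python
TAGS = {2: "signature", 5: "secret key", 6: "public key", 7: "secret subkey", 13: "user ID"}
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA n,e / Elgamal p,g,y / DSA p,q,g,y

def read_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP stream."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header (armored input?)")
        if first & 0x40:                          # new-format header
            tag, o1 = first & 0x3F, data[pos + 1]
            if o1 < 192:
                length, pos = o1, pos + 2
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 2] + 192, pos + 3
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                     # old-format header
            tag, size = (first >> 2) & 0x0F, 1 << (first & 0x03)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
            pos += 1 + size
        yield tag, data[pos:pos + length]
        pos += length

def public_prefix_len(body):
    """Length of the public-key fields that open a v4 secret key packet body."""
    if body[0] != 4:
        raise ValueError("only version 4 keys handled")
    pos = 6                                       # version(1) + creation time(4) + algorithm(1)
    for _ in range(PUBLIC_MPIS[body[5]]):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8                # MPI = 2-byte bit count + magnitude
    return pos

def breakdown(data):
    """Return [(packet name, public bytes, secret bytes)] for an exported secret key."""
    rows = []
    for tag, body in read_packets(data):
        pub = public_prefix_len(body) if tag in (5, 7) else len(body)
        rows.append((TAGS.get(tag, f"tag {tag}"), pub, len(body) - pub))
    return rows

# Constructed toy stream: secret key packet (16-bit n, e=65537, 5 fake secret bytes) + user ID
SAMPLE = bytes.fromhex("9414 040000000001 0010c35b 0011010001 0053454352 b405") + b"alice"
```

On a real key, pass the bytes of a file written by `gpg --export-secret-keys` (without `--armor`) to `breakdown`; user ID and signature packets are counted as public because they carry no secret material.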