9

I need to generate a PGP Public/Private key. I've never done this before. I've read documentation but the examples given do not match what I am seeing on my computer.

I generated the keys with gnupg.

I run the command to list the public keys

```
gpg --list-keys --keyid-format LONG
```

and I get a structure like this.

```
pub   rsa2048/123456789101112A 2000-01-01 [SC] [expires: 2000-01-01]
      ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234

uid                 [ultimate] Firstname Surname <email@gmail.com>
sub   rsa2048/ABCDEFGHIJKLMNO1 2000-01-01 [E] [expires: 2000-01-01]
```

I then run a command to get the secret keys

```
gpg --list-secret-keys --keyid-format LONG
```

and I get the same structure

```
sec   rsa2048/123456789101112A 2000-01-01 [SC] [expires: 2000-01-01]
      ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234

uid                 [ultimate] Firstname Surname <email@gmail.com>
ssb   rsa2048/ABCDEFGHIJKLMNO1 2000-01-01 [E] [expires: 2000-01-01]
```

What's different here is the pub, sub, sec, and ssb tags, but the content is the exact same.

Which is the public/private key in each example that's generated?

Is the sequence in the first line of pub or sec after the 'rsa2048/' (123456789101112A in the example) the public key? And then the longer sequence in the line below (ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234 in the example) is the matching private key?

Or is the public key the sequence in the first line of pub or sec after the 'rsa2048/' (123456789101112A in the example) and then the matching private key is the line of sub or ssb after the 'rsa2048/' (ABCDEFGHIJKLMNO1 in the example)?

Charles Duffy
AnonyMouse
  • [`doc/DETAILS`](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=b915f0658e8d809380472e814e8e2aa712cbc247;hb=HEAD) has information about the `--with-colons` format, which contains the same information as the "human readable" version. That might get you on the right track. The numbers after the algorithms are [OpenPGP KeyIDs](https://superuser.com/questions/769452/what-is-a-openpgp-gnupg-key-id). They always reference the public key (even for private keys). **pub** and **sub** are public keys and **sec** and **ssb** are private keys. – dhke Jun 28 '17 at 20:46
  • Thanks very much! That was really, really informative!! It leads to another question though; I now know what my `Primary Key` is, and what my `Subkey` is. So I'm assuming that I can use the Primary Key's `KeyId` to encrypt? And the Subkey's `KeyId` to `decrypt`? Except that my SubKey's `Key Capabilities` is just 'e' - encrypt. So I can't decrypt with it? – AnonyMouse Jun 29 '17 at 21:06
  • If you look closely, the primary key is a pure **S**igning key. That's why it has a subkey for **E**ncryption. You use the **secret** key of a signing key to **sign** a message and the **public** key to verify the signature. For **encryption** keys you use the **public** key for encryption and the matching **private** key for decryption. Gnupg very closely tries to make sure you use separate keys for signing and encrypting. – dhke Jun 29 '17 at 21:11
  • This is only a question about gnupg -- not a question about bash (gnupg is not part of bash, it's a separate program not tied to any specific shell), or about terminals (this behavior is the same if your output goes to a terminal, or if it goes to a file, a web browser or anywhere else). I've cleaned up the tagging. – Charles Duffy Dec 28 '20 at 12:29
  • Also, note that general questions about UNIX tools are better fit for our sister site [unix.se], whereas Stack Overflow is specific to questions about _writing software_. – Charles Duffy Dec 28 '20 at 12:32

1 Answer

2

When you list your keys, pub is always your public key, and it could be seen as your "main" key. Associated with it (this "main" key), you have a private key. Any other keys (sub, ssb etc.) are sub-keys that are private. In order to get the meanings for sec, sub, ssb & pub, you can read this post: gnupg - What do 'ssb' and 'sec' mean in gpg's output

I hope this could solve your 'problem'.

DuDa
alencc1986
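
The `--with-colons` listing mentioned in the comments, as an added example that is not part of the original posts: a Python parser run over constructed sample output, showing that `pub`/`sub`/`sec`/`ssb` only label the record type and that the long key ID is the tail of the fingerprint. The sample values and the names `parse_colons` and `key_id_matches_fingerprint` are assumptions made for illustration; the field positions follow `doc/DETAILS`.

```python
from dataclasses import dataclass

# Constructed sample shaped like `gpg --list-secret-keys --with-colons`
# output; the IDs and fingerprints are made up, not real key material.
SAMPLE = """\
sec:u:2048:1:0123456789ABCDEF:946684800:978307200::u:::scESC:
fpr:::::::::ABCD1234ABCD1234ABCD12340123456789ABCDEF:
uid:u::::946684800::::Firstname Surname <email@example.com>:
ssb:u:2048:1:FEDCBA9876543210:946684800:978307200:::::e:
fpr:::::::::1234ABCD1234ABCD1234ABCDFEDCBA9876543210:
"""

# Field 1 of a key record says which kind of key the line describes.
RECORD_KINDS = {
    "pub": "public primary key", "sub": "public subkey",
    "sec": "secret primary key", "ssb": "secret subkey",
}
CAPS = {"e": "encrypt", "s": "sign", "c": "certify", "a": "authenticate"}

@dataclass
class Key:
    record: str
    kind: str
    key_id: str
    capabilities: list
    fingerprint: str = ""

def parse_colons(text):
    """Return one Key per pub/sub/sec/ssb record, with its fpr attached."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))  # pad short records
        if f[0] in RECORD_KINDS:
            # Field 5 is the key ID, field 12 the capabilities. Lowercase
            # letters are this key's own; uppercase ones on a primary key
            # summarise the whole key and are skipped here.
            caps = [CAPS[c] for c in f[11] if c in CAPS]
            keys.append(Key(f[0], RECORD_KINDS[f[0]], f[4], caps))
        elif f[0] == "fpr" and keys and not keys[-1].fingerprint:
            keys[-1].fingerprint = f[9]  # field 10 holds the fingerprint
    return keys

def key_id_matches_fingerprint(key):
    """For v4 keys the long key ID is the last 16 hex digits of the fingerprint."""
    return key.fingerprint.endswith(key.key_id)

if __name__ == "__main__":
    for k in parse_colons(SAMPLE):
        print(k.record, k.kind, k.key_id, k.capabilities, key_id_matches_fingerprint(k))
```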