Ubuntu – How to match exported OpenPGP public and private key pairs

gnupgopenpgp

I have a few backed up public and private key files. How can I check which public key file corresponds to which private key file?

I had generated 2048 byte public and private GnuPG key pairs using

gpg --gen-key

To backup the public key(s), I exported them using

gpg --armor --output ~/gpg_keys_backup/<Public Key Id>-public.key --export <Public Key Id>

To backup the private key(s), I exported them using

gpg --armor --output ~/gpg_keys_backup/<Private Key ID>-private.key --export-secret-keys <Private Key ID>

How do I determine which backed up keys belong to a pair?

Best Answer

By listing the secret key file's contents, you can query which public key a secret key belongs to.

gpg --list-packets [secret-key-file] | head
:secret key packet:
        version 4, algo 1, created 1356475387, expires 0
        pkey[0]: [8192 bits]
        pkey[1]: [17 bits]
        gnu-dummy S2K, algo: 0, simple checksum, hash: 0
        protect IV: 
        keyid: 4E1F799AA4FF2279

The last line quoted keyid contains the public key's long key ID.

Related Solutions

Ubuntu – How to import a private key into GPG so that it becomes the default key

To change the GnuPG behaviour on what key it selects on signing/encryption, use the default-key configuration parameter with the key ID as the value.

So, for example, with

$ gpg --list-secret-keys 
/home/gert/.gnupg/secring.gpg
-----------------------------
sec   4096R/13371337 2011-01-01 [expires: 2014-01-01]
uid                  Gert van Dijk (1st key) <name@example.tld>
ssb   4096R/31337313 2011-01-01

sec   4096R/12345678 2013-04-23 [expires: 2014-01-01]
uid                  Gert van Dijk (2nd key) <name@example.tld>
ssb   4096R/87654321 2013-04-23

add a line in ~/.gnupg/gpg.conf:

default-key 12345678

or, alternatively, use the long key ID (recommended as short key IDs can have collisions):

$ gpg --list-secret-keys --with-colon
sec::4096:1:ABCDEFAB12345678:2013-01-01:2014-01-01:::Gert van Dijk (2nd key) <user@example.tld>:::

and add a line in ~/.gnupg/gpg.conf:

default-key ABCDEFAB12345678

Ubuntu – GnuPG Private key can be exported without password

It's not a security risk. The only vulnerability you are ;). You have to make sure that does not get your private key into the wrong hands.

Everyone who has access to your system and has sufficient access rights, can copy your key. Seahorse can not prevent that, too.

Encrypt your partitions and use a sufficiently strong password for your user account. Lock your system when you leave your workstation. Made sure that your backups are encrypted.

Best Answer

Related Solutions

Ubuntu – How to import a private key into GPG so that it becomes the default key

Ubuntu – GnuPG Private key can be exported without password

Related Question