Nikola Lakić :arch:: "If I have password protected (you need password t…" - Mastodon 🔐 privacytools.io

Nikola Lakić @nikolal@social.privacytools.io

If I have password protected (you need password to import it in gnupg keyring) armored secret key is it possible to derive its public key from it?

Aug 15, 2020, 14:31 · · · ·

Aug 15, 2020, 14:34

Nikola Lakić @nikolal@social.privacytools.io

To be more clear, password to import secret key is not known

1

Aug 16, 2020, 01:45

Mister Monster @mister_monster@social.privacytools.io

1+

Aug 16, 2020, 09:25

Nikola Lakić @nikolal@social.privacytools.io

@mister_monster
I could import public key even if I didn't know password, I'll show you how when I get home

0

Aug 16, 2020, 11:14

Nikola Lakić @nikolal@social.privacytools.io

@mister_monster You can import public key from password protected secret key just by "gpg --import secretkey" and canceling prompts for password input, public key would still be imported. I don't think its great flaw, it would be nice if public key couldn't be derived from secret without knowing password, for example if attacker gets backups of secret keys he couldn't do lookup on keyservers to see whose those secret keys are.

0

Sign in to participate in the conversation