Does GPG Ever Store RSA Secret Keys On The Disk In Plain?

Novak Boškov boskov at bu.edu
Tue Dec 22 19:34:04 CET 2020


This is confusing.

If I do:

> $ gpg --output sec_key.pgp --export-secret-keys <key_id>
> $ gpg --list-packets sec_key.pgp

My :secret sub key packet: looks more like the latter, which Angel says
indicates my key is _not_ protected by a passphrase.

However, if I do:

> $ gpg --passwd <key_id>

It asks me to enter the key's passphrase to "unlock it". Now, why does
it ask me to enter the passphrase if there is no passphrase for the
given key?

Ultimately, which one of the two is right; is my key stored in plain on
the disk because it does not have the `iter+salt` part in `gpg
--list-packets`, or is it stored encrypted using my passphrase that `gpg
--passwd` asks for?

I would be surprised if both can be true at the same time.

-- 
    Novak
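
An added example, not part of the original message and not GnuPG code: a small reader for an exported file such as `sec_key.pgp` that reports the S2K usage octet of each secret key and secret subkey packet, which is the field behind the `iter+salt` line in `gpg --list-packets`. It assumes the RFC 4880 packet layout and v4 RSA keys only; the function names and the toy packets are constructed for illustration.

```python
S2K_TYPES = {0: "simple", 1: "salted", 3: "iter+salt"}  # RFC 4880 section 3.7.1

def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header: low two bits select a 1, 2 or 4 byte length
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def protection(body):
    """Classify a v4 RSA secret-key packet body by its S2K usage octet."""
    if body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("only v4 RSA keys are handled here")
    pos = 6
    for _ in range(2):  # skip the public MPIs n and e
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    usage = body[pos]
    if usage == 0:
        return "unprotected"
    if usage in (254, 255):  # cipher octet, then S2K specifier
        return f"protected: {S2K_TYPES.get(body[pos + 2], 'other')} S2K, cipher algo {body[pos + 1]}"
    return f"protected: cipher algo {usage}, MD5 of passphrase as key"

def audit(data):
    # Only secret key (tag 5) and secret subkey (tag 7) packets carry this field.
    return [(t, protection(b)) for t, b in read_packets(data) if t in (5, 7)]

# Constructed toy packets (8-bit modulus, zeroed salt/IV), not real key material.
PUB = bytes.fromhex("04" "5fe23e8c" "01" "0008c1" "000203")
PLAIN = PUB + bytes.fromhex("00" "000101" "0002")
LOCKED = PUB + bytes.fromhex("fe070302") + bytes(8) + b"\xff" + bytes(20)
SAMPLE = bytes([0x94, len(PLAIN)]) + PLAIN + bytes([0xC7, len(LOCKED)]) + LOCKED
```

`audit(open("sec_key.pgp", "rb").read())` applies the same check to a binary (non-armored) export; it describes the exported file only.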
