Private key reported as public
Closed, ResolvedPublic

Description

Private key is being reported as public:

$ gpg --version
gpg (GnuPG) 2.2.1
libgcrypt 1.7.9
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/tomas/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ gpg --dry-run --with-colons --import-options import-show --import /tmp/priv.key 
pub:-:1024:1:9CFDF0B7CCB3FA06:1506689947:::-:::scESC::::::::0:
fpr:::::::::5B2F919739483416F594373C9CFDF0B7CCB3FA06:
uid:-::::1506689947::301CD561DB45FD1934396233411F6688AEE81E19::tester <tester@example.com>::::::::::0:
sub:-:1024:1:F4002EDA8A20EE92:1506689947::::::e:::::::
fpr:::::::::20B6BB09F716EF42149944FEF4002EDA8A20EE92:
gpg: key 9CFDF0B7CCB3FA06: failed to re-lookup public key
gpg: Total number processed: 1
gpg:       secret keys read: 1
werner added a subscriber: werner.Oct 3 2017, 1:13 PM

What you see is the public key which is always part of the private key.

May we change this into a feature request to indicate that secret parts are also contained in the key?

So how would one distinguish between private and public key using any kind of automatic processing?

I am fine with changing this to a feature request.

werner edited projects, added Feature Request; removed Bug Report.Oct 5 2017, 9:28 AM
werner triaged this task as High priority.
vsajip added a subscriber: vsajip.Oct 6 2017, 1:26 PM

Is this not a regression, rather than a new feature request? Earlier versions of GnuPG report sec rather than pub for such keys. The file itself is a private key - that it contains a public part is surely secondary in this context.

werner added a comment.Oct 6 2017, 4:53 PM

The import-show thing is new. What you see is different from the default action of gpg when it encounters a keyblock. In fact, that old output was never well defined and basically a debugging aid.

Okay, will be fixed in 2.2.2.. I actually found a bug while working on the patch.

werner closed this task as Resolved.Oct 19 2017, 5:47 PM
werner claimed this task.