Ubuntu – Is it possible to recover a secret key from a GPG public key


I have lost the GPG keys I use for Launchpad and email encryption, along with my entire ~/.gnupg folder. Can I recover them using the public key?

Best Answer

@andrewsomething No. The questioner you mentioned[sic], have[sic] the key available on one machine, but I've lost my key. (The computer exploded.)

Sorry, but you cannot get your key back. This is by design.

The RSA (and DSA/ElGamal) algorithms are engineered so that the keys must be made at the same time. There are intermediate variables that are not stored as part of either the private or public key. Because the public key is crafted to be made public, you cannot deduce the secret key from it, or there would be a giant security hole. The two primes are generated from random numbers.

Also, the key email/name/description have no bearing on the modulus ("meaty" data portion of the key). Therefore, you cannot recover your secret key without a backup, at least not without factoring large numbers, which cannot be easily done right now. The passphrase is used to protect the key with another (symmetric) key generated from the passphrase, but neither this key nor the password affects the modulus in any way except as a stray source of random data.

What can I do?

You can go to Launchpad key management after logging in via username and password, revoke your old keys, and then make and publish new keys. There is no limit on the number of keys you can publish. Make a secure backup, and ensure nobody gets unauthorized access to the backup, and that the keys in the backup are protected by a passphrase.
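
The relationship the answer describes, as an added example in Python that is not part of the original post: a toy RSA key pair is generated in one step, only the modulus and public exponent are published, and the private exponent can be rebuilt from them only by factoring the modulus. The function names and the 16-bit prime size are choices made for this illustration.

```python
import math
import secrets

def is_prime(n):
    """Trial-division primality test; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, math.isqrt(n) + 1, 2))

def random_prime(bits):
    """Draw random odd numbers with the top bit set until one is prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate

def generate_keypair(bits=16, e=65537):
    """Make both halves together; p, q and phi are the intermediate values."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)      # the private exponent is computed from phi, i.e. from p and q
    return (p * q, e), d     # the public key carries only n and e; p, q, phi are not in it

def recover_private_exponent(public_key):
    """Rebuild d from (n, e) alone, which means factoring n first."""
    n, e = public_key
    p = next(f for f in range(3, math.isqrt(n) + 1, 2) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, d = generate_keypair()
    print("public key (n, e):", public)
    print("d recovered by factoring n:", recover_private_exponent(public) == d)
    # Recovery succeeds here only because n is about 32 bits, so trial division
    # needs at most a few tens of thousands of steps. For moduli of 2048 bits
    # and up, no publicly known method factors n in practical time, which is
    # why a lost secret key cannot be rebuilt from the published one.
```

The name, email and passphrase never appear in `generate_keypair`, matching the answer's point that they have no bearing on the modulus.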