GPG: trying to understand public and secret keys
Introduction
In SSH, a pair of keys can be created, for example:
id_rsa
id_rsa.pub
The first one is the private key and the second is the public key. For both:
- They are located in the ~/.ssh directory
- It is possible to apply the cat command to see the content of each key
And of course the private key must never be shared. So far I can do an SSH connection in peace.
GPG
The ~/.gnupg directory exists and contains the following files, among others:
pubring.kbx
openpgp-revocs.d
private-keys-v1.d
I've confirmed when the following command is executed successfully:
gpg --full-gen-key
The output is as follows:
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as '/home/manueljordan/.gnupg/openpgp-revocs.d/2A49B648C65C5F73C1FD17A2FBCFD538D559606D.rev'
public and secret key created and signed.
pub rsa3072 2025-02-13 [SC] [expires: 2025-03-15]
2A49B648C65C5F73C1FD17A2FBCFD538D559606D
uid Capitan Futuro (Nave Cometa) <capitanfuturo@gmail.com>
sub rsa3072 2025-02-13 [E] [expires: 2025-03-15]
Furthermore, mostly the following happens:
- The pubring.kbx file is updated
- In the openpgp-revocs.d directory the 2A49B648C65C5F73C1FD17A2FBCFD538D559606D.rev file is created. Here the full fingerprint was applied in the new .rev filename
- In the private-keys-v1.d directory two <40-random-characters>.key files were created
I know that a private key is the same as a secret key. It is about terms.
Sorry for the following set of questions, but because they are tightly related I think it is wise to have all of them together:
1. Why were two private keys created in the "private" directory?
2. What is the purpose of each private key?
3. By whom is each private key used?
4. Where is the public key located/stored?
For (1.) it is possible to apply the cat command, and for (4.) the full fingerprint is generated from that public key, so the latter must be read from some place. And I am assuming it is possible to apply the cat command for the public key too.
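An added example, not part of the original post: the listing above shows a primary key `[SC]` and a subkey `[E]`, and GnuPG names each file in private-keys-v1.d after the keygrip of one of them, so the script below maps each (sub)key to its `.key` file from colon-format output. The sample input is constructed: only the primary fingerprint comes from the post, while the subkey ID, subkey fingerprint and both keygrips are placeholders.

```shell
#!/bin/sh
# Map each secret (sub)key to its file under ~/.gnupg/private-keys-v1.d.
# On a real system, feed the function with:
#   gpg --list-secret-keys --with-colons --with-keygrip
#
# SAMPLE is constructed for illustration. The primary fingerprint is the one
# shown in the post; the subkey values and both keygrips are placeholders.
SAMPLE='sec:u:3072:1:FBCFD538D559606D:1739404800:1741996800::u:::scESC:::+:::23::0:
fpr:::::::::2A49B648C65C5F73C1FD17A2FBCFD538D559606D:
grp:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1739404800::0000000000000000000000000000000000000000::Capitan Futuro (Nave Cometa)::::::::::0:
ssb:u:3072:1:1111111111111111:1739404800:1741996800:::::e:::+:::23:
fpr:::::::::1111111111111111111111111111111111111111:
grp:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:'

# Reads colon-format records on stdin and prints one line per secret key:
#   <primary|subkey> <capabilities> private-keys-v1.d/<keygrip>.key
map_keygrips() {
    awk -F: '
        # sec = primary secret key, ssb = secret subkey; field 12 = capabilities
        $1 == "sec" || $1 == "ssb" {
            kind = ($1 == "sec") ? "primary" : "subkey"
            caps = $12
            # Uppercase letters summarise the whole key; keep this key only
            gsub(/[A-Z]/, "", caps)
        }
        # grp = keygrip of the preceding sec/ssb record, stored in field 10
        $1 == "grp" && kind != "" {
            printf "%s %s private-keys-v1.d/%s.key\n", kind, caps, $10
            kind = ""
        }'
}

printf '%s\n' "$SAMPLE" | map_keygrips
```

The public parts of both keys live in pubring.kbx, which is a binary keybox; `gpg --export --armor` followed by the fingerprint prints them in a readable form.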