LedgerHQ / app-openpgp

OpenPGP Card Application
Apache License 2.0

[Question] Export public key #41

Closed Mansarde closed 1 year ago

Mansarde commented 5 years ago

Is there any way to export the public key from the Ledger?

I understand that the public key will be automatically added to the computer's keyring during generation. But if I were to lose that keyring and wanted to extract/export the public key from my Ledger, could I do that?

I'm aware of the pytools/gpgcard/gpgcli.py tool for backing up the keys into an encrypted .pickle file. Would it be possible to extract the public key from that .pickle file maybe?

mlapaj commented 5 years ago

There are three private keys stored on the Ledger device: one main private key, a second private subkey for encryption, and a third subkey for authorisation.

The public key is stored on your PC. You can export your public key using: gpg --armor --export andrzej.lipa@example.com > public.asc

Usually, users put their public keys on some key server (type into Google: "gpg key server") and paste their key to the server.

However, if you want to back up your private key from the Ledger device, there is a procedure and Python tools for doing it (unfortunately, they are not working for me).

There is a third way of doing a backup: generate the private/public keys outside the OpenPGP card (on your computer), back them up on two USB pendrives, and send them to your GPG card. This method has some drawbacks:

Mansarde commented 5 years ago

But in case I lose my public key and it's not stored anywhere else, is there a way to calculate the public key from the private keys?

I know that if a private key is e.g. exported in an OpenPGP-compliant way, then the private key will always contain the public key as well. But I'm not sure if that is the case with the private keys on the Ledger as well; that's why I'm asking. ^^

mlapaj commented 5 years ago

Hi, in the OpenPGP specification 3.0, in chapter 7 (commands), you can find the GENERATE ASYMMETRIC KEY PAIR command; 8100 = Reading of actual public key.

According to the source code, the Ledger app handles the procedure for reading the pubkey for RSA/ECC: // --- read pubkey --- case 0x8100: ...

However, I do not really know how to get it from GnuPG. I'll try to check it with some external tool.

Anyway, the best solution is to back up the keys.

Mansarde commented 5 years ago

I'm just curious if it's possible in principle and thought someone may know. I do make backups, for sure; it'd just be nice if it were possible to create a script that could extract the public key on demand (if at all possible). Thanks for taking an interest, much appreciated! :)

cslashm commented 4 years ago

@Mansarde Old, but here is the answer: GnuPG itself does not use the public key stored on the device, IIRC. But indeed, you can use Python to do the job.
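The 8100 "read actual public key" command mentioned above, and the Python route cslashm refers to, as an added example that is not code from app-openpgp or GnuPG: it assumes the OpenPGP card 3.0 APDU layout, and the reply it parses is constructed inline, not captured from a real card.

```python
# Added example (not app-openpgp or GnuPG code): build the APDU that asks an OpenPGP
# card for a key's public part and parse the 7F49 template it returns (spec 3.0 layout).

# Control Reference Templates choosing which of the three key slots to read.
CRT = {"sig": b"\xB6\x00", "dec": b"\xB8\x00", "aut": b"\xA4\x00"}

def read_pubkey_apdu(slot: str) -> bytes:
    """CLA 00, INS 47 (GENERATE ASYMMETRIC KEY PAIR), P1 81 = read public key,
    P2 00, Lc, CRT, Le 00. An RSA-2048 reply exceeds 256 bytes, so a real reader
    must use extended length or chain GET RESPONSE; the parser only needs the bytes."""
    crt = CRT[slot]
    return bytes([0x00, 0x47, 0x81, 0x00, len(crt)]) + crt + b"\x00"

def _parse_tlv(buf: bytes):
    """Yield (tag, value) pairs from a BER-TLV byte string.
    Handles two-byte tags (7F49) and short or long (81 nn / 82 nn nn) lengths."""
    i = 0
    while i < len(buf):
        tag = buf[i]
        i += 1
        if tag & 0x1F == 0x1F:  # low five bits all set: a second tag byte follows
            tag = (tag << 8) | buf[i]
            i += 1
        length = buf[i]
        i += 1
        if length & 0x80:  # long form: low bits give the number of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length

def parse_pubkey_response(resp: bytes) -> dict:
    """Return {'n', 'e'} for an RSA key or {'point'} for an ECC key.
    resp is the response data followed by the two status-word bytes."""
    if resp[-2:] != b"\x90\x00":
        raise ValueError("card returned status " + resp[-2:].hex())
    outer = dict(_parse_tlv(resp[:-2]))
    if 0x7F49 not in outer:
        raise ValueError("no public key template (7F49) in response")
    inner = dict(_parse_tlv(outer[0x7F49]))
    if 0x81 in inner:  # RSA: 81 = modulus n, 82 = public exponent e
        return {"n": int.from_bytes(inner[0x81], "big"),
                "e": int.from_bytes(inner[0x82], "big")}
    if 0x86 in inner:  # ECC: 86 = uncompressed public point
        return {"point": inner[0x86]}
    raise ValueError("unrecognised key template")

# Constructed sample reply, not captured from a real card: 3-byte RSA modulus, e = 65537.
SAMPLE_RESPONSE = bytes.fromhex("7F490A" "8103C0FFEE" "8203010001" "9000")
```

The parsed modulus and exponent are exactly what a key-recovery script needs to rebuild the public key when the keyring is gone; sending the APDU itself requires a PC/SC library and the card's application selected first.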

Mansarde commented 1 year ago

Thanks for the info!