Heres a description of how to use Mark Shoulson <shoulson@cs.columbia.edu>'s pgpacket.pl utility to extract your public and private keys from PGP, so that you can use them with perl-rsa. There is a detached signature file for the pgpacket utility also, so you can check it hasn't been tampered with since he wrote it.

You just give pgpacket a PGP file and it tells you what's in it.

So once you have obtained the pgpacket (unsing the link above), you will be able to do this to extract your public exponent and RSA modulus:

% pgpacket.pl pubring.pgp

And it will decode the entire contents of your public key ring in human readable form.

However there are typically *lots* of public keys in your
public key ring, so either grep for the entry you want, or extract
the public key you want to a file first:

% pgp -kx <user> <file> % pgpacket.pl <file>

The output should look something like this (newer version of pgpacket may have slightly different format, but E and N are what you are looking for):

--------------------------- Packet Type: Public Key Packet Length: 141 Version Byte: 2 Key Created: 8 Jun 1993 09:34:57 Valid forever Algorithm: 1 (RSA) N: 99D61071378EE2C0C8C9C4B7786B203DEDF2D6E526F24F7E83F3E0F960FB66B9CB81C04E89D70689A4866F21AD1BB5BA6AEE51469E5B59B121BA6F3F8D776B627253BA5DC9FCA8155A565B9893F695D83A0496EB977EE4659EE20E0F2EB49B2593C11487B377CC5D767C79FB985B464D4AE94A5F45E42E3B29C8B89D556A4A67 E: 13

There will be others pieces of information after that, a user-id packet, maybe some signatures, etc. Btw that really is my public key, spot the last 8 hex digits of the RSA modulus N: 556A4A67, ie my key-id, as you might use to look me up on a keyserver: 0x556A4A67. That is all the key-id is, it is the last 8 LSBytes of your RSA modulus.

The method applies to your secret key. However there is a complication, PGP won't give your secret key up so easily. You must first use PGP to decrypt your secret key and save it plain text form.

You ought to be careful about doing this, having your secret key on
your disk in plain text format is a **bad** idea from a security
point of view. The best thing to do if you wish to use this method is
to generate a PGP key especially for playing with perl-rsa, that way
you do not risk playing with the plaintext version of your **real**
PGP secret key. If you want to do it to your real PGP key, well you
have been warned, and be aware that file systems are not always very
secure, and even on laptops, the file system is only as secure as your
physical security, ie a lot less secure than having your PGP key
encrypted.

So once you've generated your key for test purposes, or whatever. When PGP asks you for a passphrase to encrypt your freshly generated test key with, just press ENTER twice, when you do this PGP does not encrypt your secret key.

(If you already encrypted it, you can have PGP unencrypt it by changing your passphrase with the pgp -ke option. Just change your passphrase to be a blank passphrase, ie just press ENTER twice when asked for your new passphrase).

Once you have done that, extract your secret key into a file, or just blast the whole keyring through pgpacket, and go search for your key in the output.

To see your entire secret key ring (won't be too big, unless you've got a whole load of test keys lying around like me):

% pgpacket.pl secring.pgp

or to get just the seckey you are after in a file, and then view that only:

% pgp -kx <user> <file> secring.pgp % pgpacket.pl <file>

The field you will be looking for is the D field, N will be the same number as in your public key. PGP keeps P and Q, and U around also for efficiency reasons, but all you need for perl-rsa is E, N and D.

--------------------------- Packet Type: Secret Key Packet Length: 192 Version Byte: 3 Key Created: 25 Jun 1995 20:47:16 Valid forever Algorithm: 1 (RSA) N: CF7C85AAA6BBEA6A928AA4AFDE623260533606FE88BE78914242A0148EAD3D11AAC9B3287715690FA9E2F2C85A5AD16B E: 11 Protection Algorithm: 0 (None) D: 0C348055551A1CD917ADCD73C1C98A7E23032D968083ACBD24F99DED5809B7F20C867AB224C7500A2CF30301419E90F1 P: D9BEAD898AAB1AEE84D7E1740C63D293D30689FE7F2CA16B Q: F3F075C82B5CEB105103ABDFF97545CEDAB935B47FA69001 U: 4104F5EE44267FAAB8BDFF62F020E9B28E94CEC78152AA24 Checksum: 40C3

That example secret key (I'm hardly gonna show you mine) is the 384 bit BlackNet key which Paul Leyland and friends factored a while back.

In case you were curious, here's a brief explanation of how these numbers are related.

N = P x Q, (M^E)^D = M (mod N) and (M^D)^E = M (mod N) for all M st 0 <= M < N P < Q and P x U = 1 (mod Q)

We'll use the 384 bit BlackNet key, as determined above, the relevant numbers are public exponent (E), RSA modulus (N), and private exponent (D).

So lets try encrypting the message 'hello world' with the black net key and perl-rsa:

n = CF7C85AAA6BBEA6A928AA4AFDE623260533606FE88BE7891 4242A0148EAD3D11AAC9B3287715690FA9E2F2C85A5AD16B e = 11 d = 0C348055551A1CD917ADCD73C1C98A7E23032D968083ACBD 24F99DED5809B7F20C867AB224C7500A2CF30301419E90F1

So encrypt:

% cat > msg hello world ^D % rsa -k=[e] -n=[n] < msg > msg.rsa

Where [e] and [n] are the keys above, ie paste this into your shell:

% rsa -k=11 -n=CF7C85AAA6BBEA6A928AA4AFDE623260533606FE88BE78914242A0148EAD3D11AAC9B3287715690FA9E2F2C85A5AD16B < msg > msg.rsa

and decrypt:

% rsa -d -k=[d] -n=[n] < msg.rsa

ie paste this into your shell.

% rsa -d -k=0C348055551A1CD917ADCD73C1C98A7E23032D968083ACBD24F99DED5809B7F20C867AB224C7500A2CF30301419E90F1 -n=CF7C85AAA6BBEA6A928AA4AFDE623260533606FE88BE78914242A0148EAD3D11AAC9B3287715690FA9E2F2C85A5AD16B < msg.rsa

(Encrypt will be faster than decrypt because we are using a small public exponent (hex 11 = 17) where as the secret exponent (d) is a big number, it'll take 30 seconds or so to decrypt).

So we have just demoed encrypt and decrypt with the blacknet key,
which Paul Leyland broke with a 1000 or so MIP years of compute. The
security lesson to extract from Paul's demo breaking is this:
**don't** use small keys! You should be using minimum 1024,
perhaps even 2048, both of which PGP copes with easily.