Re: lost dsa gnupg private key :(

Grumble wrote:
> Paul Rubin wrote:
>
>> rot wrote:
>>
>>> I have a number of important files encrypted with my gnupg key.
>>> unfortunatly I've lost my private key. I need some advice on how to
>>> recover my files (I still have my public key & my passphrase).
>>
>> Sorry, it's gone.
>
> Aren't the public and private keys derived from the passphrase?

The answer is essentially 'no'. The keys are randomly
generated, independent of the passphrase. PGP then writes a file
such that the private key may be reconstructed from both the
passphrase and the file.

Given the file, one might attempt to recover the keys by
guessing the passphrase; people often choose passphrases that
enable such an attack. Given the passphrase, a naive attacker
might attempt to recover the key by guessing the file, but there
is no realistic chance that such an attack will succeed; PGP
does not generate guessable files.

Fortunately, 'rot' reported finding a backup of the file, and
therefore seems able to recover his data. Rubin was correct to
say "Sorry, it's gone," under the given assumption that the file
was lost, and given the current state of the art in
cryptanalysis.

-- 
--Bryan