Moving a GPG Key (Privately)

Sometimes I have to move my GnuPG key between computers for some reason, and although GnuPG does have features to export your private key, they are not as well documented, probably out of choice to discourage their use, as they can be a security issue. I have developed the following method to export both the public and private keys together, so that they can be easily imported, and with the minimum of secret data written to disk.

  1. Find out the keyid of the key you wish to export. You can get this from the output of

    gpg -K

    Note that the capital K is important so that it lists secret rather than public keys.

  2. First, export the public key. This is of course public info, so no worries about security here

    gpg --output pubkey.gpg --export {KEYID}

  3. Now, in one fluid step, we will export the secret key, combine it into one file with the public key, and then encrypt it for transfer

    gpg --output - --export-secret-key {KEYID} |\
     cat pubkey.gpg - |\
     gpg --armor --output keys.asc --symmetric --cipher-algo AES256

    You will be prompted for a passphrase during this, this is the passphrase just for this temporary encryption for transfer. So use a good passphrase for security, and remember that passphrase!

  4. Now, transfer the keys.asc file to the new computer or wherever. Because it’s encrypted you could technically do this over the internet and it should still be secure, but I would suggest not using the internet for added security. When I last did this I just used a normal flash drive.
  5. On the new computer, we need to import the keys from the file. So, run this command to unpack and then import the keys (using pipes again)

    gpg --no-use-agent --output - keys.asc | gpg --import

  6. And that, should be, that.
About these ads
This entry was posted in Uncategorized. Bookmark the permalink.

4 Responses to Moving a GPG Key (Privately)

  1. brian says:

    This is Great, thanks!

  2. Works like a charm, thanks!

  3. Pingback: Moving GPG Key Securely

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s