Sometimes I have to move my GnuPG key between computers for some reason, and although GnuPG does have features to export your private key, they are not as well documented, probably out of choice to discourage their use, as they can be a security issue. I have developed the following method to export both the public and private keys together, so that they can be easily imported, and with the minimum of secret data written to disk.
- Find out the keyid of the key you wish to export. You can get this from the output of
gpg -K
- First, export the public key. This is of course public info, so no worries about security here
gpg --output pubkey.gpg --export {KEYID}
- Now, in one fluid step, we will export the secret key, combine it into one file with the public key, and then encrypt it for transfer
gpg --output - --export-secret-key {KEYID} |\ cat pubkey.gpg - |\ gpg --armor --output keys.asc --symmetric --cipher-algo AES256
You will be prompted for a passphrase during this, this is the passphrase just for this temporary encryption for transfer. So use a good passphrase for security, and remember that passphrase!
- Now, transfer the keys.asc file to the new computer or wherever. Because it’s encrypted you could technically do this over the internet and it should still be secure, but I would suggest not using the internet for added security. When I last did this I just used a normal flash drive.
- On the new computer, we need to import the keys from the file. So, run this command to unpack and then import the keys (using pipes again)
gpg --no-use-agent --output - keys.asc | gpg --import
- And that, should be, that.
Sorgente: Moving a GPG Key (Privately) | Short-Circuit Synapse