Moving GPG Key Securely

There’s at least one case while at FUDCon Pune where an attendee has to reformat his laptop and was unable to move his GPG key. Since the old key we signed is now pretty useless, we had to resign his new key.

I was in the same boat a couple of months back and here’s one way of securely transferring keys from one machine to another that works for me (thanks Dark Otter!).

1. Find the GPG keyid you want to export.

gpg -K

2. Export the public key.

gpg --output pubkey.gpg --export {KEYID}

3. Export the secret key, combine it with the public key and then encrypt it for transfer. Do yourself a favor, remember that passphrase!

gpg --output - --export-secret-key {KEYID} |
cat pubkey.gpg - |
gpg --armor --output keys.asc --symmetric --cipher-algo AES256

4. Transfer the keys.asc file to the new computer using a flash drive.
5. On the new computer, unpack and import the old keys.

gpg --no-use-agent --output - keys.asc | gpg --import

6. Delete keys.asc or make sure it’s not just lying around.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s