Moving GPG Key Securely

There was at least one case at FUDCon Pune where an attendee had to reformat his laptop and was unable to move his GPG key. Since the old key we signed is now pretty useless, we had to re-sign his new key.

I was in the same boat a couple of months back and here’s one way of securely transferring keys from one machine to another that works for me (thanks Dark Otter!).

1. Find the GPG keyid you want to export.

gpg -K

2. Export the public key.

gpg --output pubkey.gpg --export {KEYID}

3. Export the secret key, combine it with the public key and then encrypt it for transfer. Do yourself a favor, remember that passphrase!

gpg --output - --export-secret-key {KEYID} |
cat pubkey.gpg - |
gpg --armor --output keys.asc --symmetric --cipher-algo AES256

4. Transfer the keys.asc file to the new computer using a flash drive.
5. On the new computer, unpack and import the old keys.

gpg --no-use-agent --output - keys.asc | gpg --import

6. Delete keys.asc or make sure it’s not just lying around.
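
Before deleting keys.asc in step 6, it is worth confirming that every secret key and subkey actually arrived on the new machine. The script below is an added example, not part of the original post: it compares two listings saved with `gpg --with-colons --with-fingerprint --with-fingerprint -K {KEYID}`, one per machine. The function names are hypothetical, and it assumes GnuPG's documented colon format (fingerprint in field 10 of `fpr` records, `#` in field 15 of a `sec`/`ssb` record when only a stub is stored).

```shell
#!/bin/sh
# Added example: check that a transferred secret key is complete.

# Print the fingerprint of every secret primary key (sec) and secret subkey
# (ssb) in a colon listing whose secret material is really present.
# Records flagged "#" in field 15 are stubs and are skipped.
secret_fprs() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($15 != "#"); next }
        $1 == "fpr" && want        { print $10 }
        $1 == "fpr"                { want = 0 }
    ' "$1" | sort -u
}

# check_transfer OLD_LISTING NEW_LISTING
# Prints fingerprints present on the old machine but missing on the new one.
# Returns 0 if nothing is missing, 1 if something is, 2 if OLD has no keys.
check_transfer() {
    old_fprs=$(secret_fprs "$1")
    new_fprs=$(secret_fprs "$2")
    [ -n "$old_fprs" ] || return 2
    rc=0
    for fpr in $old_fprs; do
        printf '%s\n' "$new_fprs" | grep -Fxq "$fpr" || { echo "$fpr"; rc=1; }
    done
    return $rc
}

# Constructed sample listing (made-up key ids and fingerprints).
# $1 and $2 are the field-15 flags of the primary key and the subkey.
sample_listing() {
    cat <<EOF
sec:u:4096:1:1111111111111111:1300000000:::u:::scESC:::$1:
fpr:::::::::AAAA111111111111111111111111111111111111:
uid:u::::1300000000::CCCC333333333333333333333333333333333333::Example User <user@example.org>:
ssb:u:4096:1:2222222222222222:1300000000::::::e:::$2:
fpr:::::::::BBBB222222222222222222222222222222222222:
EOF
}
```

Run `check_transfer old.txt new.txt` with the two saved listings; a non-zero exit status means keys.asc should be kept until the import has been repeated successfully.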
