How to migrate or export all GnuPG (gpg) public and private keys from one user to another
Environment
- Red Hat Enterprise Linux
- GnuPG (gpg)
Issue
- We need to migrate GPG keys from a user on AIX to a user on RHEL. How?
- How do I export my gpg keys for backup?
- I need to make all of the gpg keyrings from one user available to another user on the same system. Can I just copy the ~/.gnupg directory?
Resolution
- As the original user, use the following command to export all public keys to an ASCII-armored (base64-encoded) text file:
gpg -a --export >mypubkeys.asc
Use the following command to export all encrypted private keys (which will also include the corresponding public keys) to a text file:
gpg -a --export-secret-keys >myprivatekeys.asc
Optionally export gpg's trustdb (the ownertrust values) to a text file:
gpg --export-ownertrust >otrust.txt
- Transfer those files to a place that the new user can read, keeping in mind that it is bad practice to share private keys (e.g., via email or in a world-readable directory like /tmp), despite the fact that they are encrypted and require the passphrase to be used.
- As the new user, run gpg --import against the two .asc files and then check for the new keys with gpg -k (public keys) and gpg -K (secret keys), e.g.:
gpg --import myprivatekeys.asc
gpg --import mypubkeys.asc
gpg -K
gpg -k
Optionally import the trustdb file as well:
gpg --import-ownertrust otrust.txt
- As the new user, test encryption and decryption with the gpg -er USERID and gpg -d commands.
Keep in mind that decryption and signing will likely fail unless the user running gpg owns the terminal it is running on, since the passphrase prompt (pinentry) has to open that terminal (translation: don't su over to the new user; log in directly via ssh or console).
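The whole procedure, rehearsed end to end between two throwaway GnuPG home directories that stand in for the old and new users' ~/.gnupg. This is an added example, not part of the Red Hat article; it assumes GnuPG 2.1 or later (for --quick-generate-key and --pinentry-mode loopback), and the key, user id and passphrase it uses are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): rehearse export/import between
# two temporary GnuPG homes. Assumes GnuPG 2.1+. Identity and passphrase are constructed.
set -eu

gpg_migrate_demo() {
    work=$(mktemp -d)
    src="$work/old_user_gnupg"; dst="$work/new_user_gnupg"; xfer="$work/handoff"
    mkdir -m 700 "$src" "$dst" "$xfer"   # private dirs, not a world-readable /tmp
    uid='Migration Test <migrate@example.invalid>'   # constructed identity
    pp='correct horse battery staple'                # constructed passphrase

    # --- original user: create a key (stand-in for the existing keyring) ---
    gpg --homedir "$src" --batch --pinentry-mode loopback --passphrase "$pp" \
        --quick-generate-key "$uid" default default never >/dev/null 2>&1

    # --- original user: export public keys, secret keys and ownertrust ---
    gpg --homedir "$src" -a --export > "$xfer/mypubkeys.asc"
    gpg --homedir "$src" --batch --pinentry-mode loopback --passphrase "$pp" \
        -a --export-secret-keys > "$xfer/myprivatekeys.asc"
    gpg --homedir "$src" --export-ownertrust > "$xfer/otrust.txt"
    chmod 600 "$xfer"/*   # the secret-key file stays sensitive even though it is encrypted

    # --- new user: import both .asc files, then the trustdb values ---
    gpg --homedir "$dst" --batch --import "$xfer/myprivatekeys.asc" 2>/dev/null
    gpg --homedir "$dst" --batch --import "$xfer/mypubkeys.asc" 2>/dev/null
    gpg --homedir "$dst" --import-ownertrust "$xfer/otrust.txt" 2>/dev/null
    gpg --homedir "$dst" --check-trustdb 2>/dev/null   # apply the imported ownertrust

    # check the key landed: exactly one secret key (sec) and one public key (pub)
    [ "$(gpg --homedir "$dst" -K --with-colons | grep -c '^sec:')" -eq 1 ]
    [ "$(gpg --homedir "$dst" -k --with-colons | grep -c '^pub:')" -eq 1 ]

    # --- new user: round-trip test, gpg -er USERID followed by gpg -d ---
    printf 'migration round-trip' \
      | gpg --homedir "$dst" --batch -er "$uid" \
      | gpg --homedir "$dst" --batch --pinentry-mode loopback --passphrase "$pp" -d 2>/dev/null

    # stop the per-homedir agents and remove the throwaway homes
    gpgconf --homedir "$src" --kill gpg-agent || true
    gpgconf --homedir "$dst" --kill gpg-agent || true
    rm -rf "$work"
}
```

On a real migration the two --homedir values are simply the two users' ~/.gnupg directories, and the handoff directory is one only the new user can read.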
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.