How to migrate or export all GnuPG (gpg) public and private keys from one user to another
*. As the original user, use the following command to export all public keys to a base64-encoded text file:
gpg -a --export >mypubkeys.asc
Use the following command to export all encrypted private keys (which will also include corresponding public keys) to a text file:
gpg -a --export-secret-keys >myprivatekeys.asc
Optionally export gpg’s trustdb to a text file:
gpg --export-ownertrust >otrust.txt
*. Transfer those files to a place that the new user can read, keeping in mind that it’s bad practice to share private keys (e.g., via email or in a world-readable directory like /tmp), despite the fact that they are encrypted and require the passphrase to be used.
*. As the new user, execute gpg --import commands against the two asc files and then check for the new keys with gpg -k and gpg -K, e.g.:
gpg --import myprivatekeys.asc
gpg --import mypubkeys.asc
gpg -K
gpg -k
Optionally import the trustdb file as well:
gpg --import-ownertrust otrust.txt
*. As the new user, test encryption and decryption with the gpg -er USERID and gpg -d commands.
Keep in mind that decryption and signing will likely fail unless the user running gpg owns the terminal it is running on. (Translation: don’t su over to the new user; log in directly via ssh or console.)
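A scripted version of the transfer and verification steps above, as an added example that is not part of the original post: export_keys stages the files in an owner-only directory instead of /tmp, is_private checks a path before it is handed over, and missing_keys compares gpg --with-colons listings taken before and after the import. The function names, the secret-keys.lst file and the sample listings are assumptions made up for this sketch.

```shell
#!/bin/sh
# Added example (assumed names/layout): stage the export privately, then
# confirm by fingerprint that every secret key arrived in the new account.

# Old user: export into a new owner-only directory under $1 (default $HOME).
export_keys() (
    umask 077
    dir=$(mktemp -d "${1:-$HOME}/gpg-export.XXXXXX") || exit 1
    gpg -a --export >"$dir/mypubkeys.asc" &&
    gpg -a --export-secret-keys >"$dir/myprivatekeys.asc" &&
    gpg --export-ownertrust >"$dir/otrust.txt" &&
    gpg --with-colons --fingerprint -K >"$dir/secret-keys.lst" &&
    printf '%s\n' "$dir"
)

# True only if the path exists and has no group/other permission bits set.
is_private() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# stdin: `gpg --with-colons` listing; stdout: sorted primary-key fingerprints
# (field 10 of the fpr record that follows each sec/pub record).
primary_fprs() {
    awk -F: '$1 == "sec" || $1 == "pub" { want = 1; next }
             $1 == "ssb" || $1 == "sub" { want = 0 }
             $1 == "fpr" && want       { print $10; want = 0 }' | sort
}

# Print fingerprints in listing file $1 (old user) that are absent from
# listing file $2 (new user, after import); return 0 when none are missing.
missing_keys() {
    new=$(mktemp) || return 2
    primary_fprs <"$2" >"$new"
    if primary_fprs <"$1" | grep -vxF -f "$new"; then rc=1; else rc=0; fi
    rm -f "$new"
    return "$rc"
}

# Constructed sample listings (not real keys, fields trimmed): two secret
# keys before the move, only the first one present after the import.
OLD_LST='sec:u:4096:1:1111111111111111:1457568000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1457568000::::Example One <one@example.invalid>:
ssb:u:4096:1:2222222222222222:1457568000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
sec:u:4096:1:3333333333333333:1457568000:::u:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:'
NEW_LST=$(printf '%s\n' "$OLD_LST" | sed -n '1,5p')
```

As the new user, run gpg --with-colons --fingerprint -K >new.lst after the import and then missing_keys secret-keys.lst new.lst; any fingerprint it prints did not arrive.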
Telling Git about your GPG key
*. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.
$ gpg --list-secret-keys --keyid-format LONG
Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.
*. From the list of GPG keys, copy the GPG key ID you’d like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
$ gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires:2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
*. To set your GPG signing key in Git, paste the text below, substituting in the GPG key ID you’d like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
$ git config --global user.signingkey 3AA5C34371567BD2