How to migrate or export all GnuPG (gpg) public and private keys from one user to another


*. As the original user, use the following command to export all public keys to a base64-encoded text file:

gpg -a --export >mypubkeys.asc

Use the following command to export all encrypted private keys (which will also include corresponding public keys) to a text file:

gpg -a --export-secret-keys >myprivatekeys.asc

Optionally export gpg’s trustdb to a text file:

gpg --export-ownertrust >otrust.txt

*. Transfer those files to a place that the new user can read, keeping in mind that it’s bad practice to share private keys (e.g., via email or in a world-readable directory like /tmp), despite the fact that they are encrypted and require the passphrase to be used

*. As the new user, execute gpg —import commands against the two asc files and then check for the new keys with gpg -k and gpg -K, e.g.:

gpg --import myprivatekeys.asc
gpg --import mypubkeys.asc
gpg -K
gpg -k

Optionally import the trustdb file as well:

gpg --import-ownertrust otrust.txt

*. As the new user, test encryption and decryption with gpg -er USERID and gpg -d commands Keep in mind that decryption and signing will likely fail unless the user running gpg owns the terminal it is running on (Translation: don’t su over to the new user; login directly via ssh or console)

Telling Git about your GPG key

原文: Github Docs: Telling Git about your GPG key

*. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

$ gpg --list-secret-keys --keyid-format LONG


Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.

*. From the list of GPG keys, copy the GPG key ID you’d like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

$ gpg --list-secret-keys --keyid-format LONG
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires:2017-03-10]
uid                          Hubot
ssb   4096R/42B317FD4BA89E7A 2016-03-10

*. To set your GPG signing key in Git, paste the text below, substituting in the GPG key ID you’d like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

$ git config --global user.signingkey 3AA5C34371567BD2

Like this post? Share on:

doobom Avatar doobom is write a bug.

So what do you think? Did I miss something? Is any part unclear? Leave your comments below.

comments powered by Disqus

Keep Reading





Stay in Touch

Get New Release Alert