@angela-d
Created April 1, 2018 23:57
Move GPG Keys from One Machine to Another

Migrate GPG Keys from One Workstation to Another

Replace [your key] with your key ID

To obtain your key ID

gpg --list-secret-keys --keyid-format LONG

Which returns something like

/home/angela/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096/[your key] 2018-03-30 [SC]
      ABCDEFGHIJKLMNOPQRSTUVWXYZ
uid                 [ unknown] angela (KEY NAME) <user@domain>
ssb   rsa4096/ABCDEFGHIJKL 2018-03-30 [E]

Your key ID is the value that follows the key type and size (rsa4096/) on the sec line.


Export the public key in preparation for moving it

gpg --export -a [your key] > gpg-pub.asc

Prepare the secret key for migration (if password protected, you'll be prompted to enter it)

gpg --export-secret-keys -a [your key] > gpg-sc.asc

Find them

ls -l gpg*.asc

Drag the key pair from the current directory to your USB stick or however else you move them.

Once on the new machine, import them

gpg --import gpg-pub.asc

If password protected, you'll be prompted to enter it

gpg --import gpg-sc.asc

If you need to adjust the trust level

gpg --edit-key [your key]
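
To confirm the migration, save the output of `gpg --list-secret-keys --with-colons` on both machines and compare the fingerprints. The script below is an added example, not part of the original gist; its function names and sample listings are constructed, and it goes slightly beyond the steps above by treating a key stub (field 15 is `#`) as missing.

```shell
#!/bin/sh
# Added example, not from the gist. Input is the text printed by
#   gpg --list-secret-keys --with-colons
# on each machine. All key data below is constructed.

# Print "FINGERPRINT RECORD" for each secret primary key (sec) and secret
# subkey (ssb) on stdin. The fpr record follows its key record and holds the
# fingerprint in field 10. Field 15 is "#" for a stub without secret
# material, so stubs are skipped.
secret_fprs() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { kind = ($15 == "#") ? "" : $1; next }
        $1 == "fpr" && kind != ""  { print $10, kind }
        { kind = "" }
    '
}

# Print each secret key of listing $1 (old machine) that listing $2 (new
# machine) lacks. Exit status is 1 if anything is missing, 0 otherwise.
missing_on_new() {
    {
        printf '%s\n' "$2" | secret_fprs | sed 's/^/new /'
        printf '%s\n' "$1" | secret_fprs | sed 's/^/old /'
    } | awk '
        $1 == "new" { seen[$2] = 1 }
        $1 == "old" && !seen[$2] { print $2, $3; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed listing from the old machine: full primary key and subkey.
OLD_LISTING='sec:u:4096:1:AAAAAAAAAAAAAAAA:1522368000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1522368000::::angela (KEY NAME) <user@domain>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1522368000::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:'

# Constructed listing from the new machine: the primary key is only a stub.
NEW_LISTING='sec:u:4096:1:AAAAAAAAAAAAAAAA:1522368000:::u:::scESC:::#:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1522368000::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:'

if missing_on_new "$OLD_LISTING" "$NEW_LISTING"; then
    echo "all secret keys arrived"
else
    echo "secret keys listed above are missing on the new machine" >&2
fi
```

The listings contain fingerprints only, no key material, so they can be compared over any channel.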

tupton commented Dec 16, 2021

Thanks so much for these instructions – they are concise and very helpful.

One thing I had to do was restart gpg-agent after importing the public key and adjusting the trust level. I couldn’t import the secret key until restarting the agent:

sudo gpgconf --kill gpg-agent

I'm on Mac OS Monterey 12.1 for both old and new machines.

The error I received when trying to import the secret key was:

gpg: key <key-id>: "<key-description>" not changed
gpg: key <key-id>: error sending to agent: Permission denied
gpg: error building skey array: Permission denied
gpg: error reading '/path/to/gpg-sc.asc': Permission denied
gpg: import from '/path/to/gpg-sc.asc' failed: Permission denied
gpg: Total number processed: 0
gpg:              unchanged: 1
gpg:       secret keys read: 1

@angela-d
Author

You're very welcome! Glad it was helpful.

Thanks for the tip, I often work with Macs at work and have yet to deal with Monterey - that will no doubt come in handy!


trey commented Mar 3, 2023

Thank you both! This was a huge time saver. I was about to generate a new one.

@farazhussain

Thank you very much!


agowa commented Jan 8, 2024

Just a note, this doesn't migrate all keys. If GnuPG is used as ssh-agent, it somehow allows keys within private-keys-v1.d to be included via the sshcontrol file even though it doesn't show them to any other command including gpg --list-secret-keys --keyid-format LONG

I'm currently looking for a way to either extract them from there into a normal format...
