Tuesday 4 June 2024

Export all GnuPG keys
=====================

There are two options for migrating your GnuPG keys. You can copy the
entire $HOME/.gnupg directory or export each key to a file. My guess is
that exporting individual keys is more robust as well as more
future-proof.

I haven't found an option to export all secret keys with one command.
This gives a nice reason to write a small script :)

I wrote two scripts, one to export all the secret keys, and one to
export all the public keys. The second script also exports the trust-db.

Directory
---------

For convenience, all export files are placed in the $HOME/tmp directory.
When the scripts are finished, all keys can be sent to another system
with a simple scp command.

Export all secret keys
----------------------

Here's the script to export all secret keys.

    #!/bin/sh
    mkdir -p ~/tmp
    # The line after each "sec" line in the listing holds the fingerprint.
    for skey in $(gpg -K | grep -A1 "^sec" | grep -v "^--" | grep -v "^sec")
    do
        # One ASCII-armored file per key, named after the fingerprint.
        gpg -a --export-secret-key "$skey" > ~/tmp/"$skey".asc
    done

This creates, if needed, the directory ~/tmp and exports the secret keys
in ASCII-armored format. For each key, GnuPG will prompt for the
passphrase.

The script creates a separate file for each key. This might be handy
when committing keys to a repository or for other managerial tasks.

Export all public keys
----------------------

Here's the script to export all public keys.

    #!/bin/sh
    mkdir -p ~/tmp
    # Start with a fresh collection file.
    echo "" > ~/tmp/all-keys.asc
    # The line after each "pub" line in the listing holds the fingerprint.
    for skey in $(gpg -k | grep -A1 "^pub" | grep -v "^--" | grep -v "^pub")
    do
        gpg -a --export "$skey" >> ~/tmp/all-keys.asc
    done
    # Export the trust-db as well.
    gpg --export-ownertrust > ~/tmp/trust.txt

This script exports all public keys and collects them in a single file.
Next, it exports the trust-db to a file.

Import everything
-----------------

Move the $HOME/tmp directory to a different system, e.g., using scp or
rsync. On this system, cd to the directory with the exports.

* Import all keys with `gpg --import *asc'.
* Import the trust-db with `gpg --import-ownertrust trust.txt'.

GnuPG will prompt for the passphrases of the secret keys.

After importing, list all public keys with `gpg -k', and list all
secret keys with `gpg -K' (uppercase k).

Don't forget to remove the export files.

Happy GnuPG-ing!

Last edited: $Date: 2024/06/04 13:33:20 $
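
A variant of the secret-key export from the "Export all secret keys" section, added here as an example and not part of the original post. It reads the fingerprints from GnuPG's machine-readable `--with-colons' listing instead of grepping the human-readable one, and sets `umask 077' so the exported secret keys are readable only by their owner. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the original script. Function names are hypothetical.

# Constructed sample of `gpg --with-colons -K` output (two keys, one subkey).
SAMPLE_LISTING='sec:u:255:22:1111111111111111:1717500000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1717500000::0000000000000000000000000000000000000000::Example One <one@example.org>::::::::::0:
ssb:u:255:18:2222222222222222:1717500000::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
sec:u:255:22:3333333333333333:1717500000:::u:::scESC:::+:::23::0:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:u::::1717500000::0000000000000000000000000000000000000000::Example Two <two@example.org>::::::::::0:'

# Print the fingerprint of each primary key found in a --with-colons listing
# read on stdin. $1 is the record type: "sec" (secret) or "pub" (public).
# Only the first fpr record after each primary record is used, so the
# fingerprints of subkeys (the fpr records after ssb/sub) are skipped.
primary_fingerprints() {
    awk -F: -v rec="$1" '
        $1 == rec           { want = 1; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Export each secret key, ASCII-armored, to <dir>/<fingerprint>.asc.
export_secret_keys() {
    dir=$1
    (
        umask 077    # new directory and files: owner access only
        mkdir -p "$dir" || exit 1
        # Fingerprints are plain hex, so word splitting here is safe.
        for fpr in $(gpg --with-colons -K | primary_fingerprints sec)
        do
            gpg -a --export-secret-key "$fpr" > "$dir/$fpr.asc" || exit 1
        done
    )
}

# Run the export only when asked to: sh export-secret.sh run
if [ "${1:-}" = "run" ]; then
    export_secret_keys "$HOME/tmp"
fi
```

If ~/tmp already exists with looser permissions, the umask still applies to the key files written into it.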