Posted over 4 years ago. Visible to the public.

GPG: Extract private key and import on different machine

After extending the expiry date of a GPG key you might have to copy your key to another machine to use the same key there. Here is how:

  1. Identify your private key:

    Copy
    gpg --list-secret-keys user@example.com

    Example output:

    Copy
    pub 4096R/ABC12345 2020-01-01 [expires: 2025-12-31] uid Your Name <user@example.com> sub 4096R/DEF67890 2020-01-01 [expires: 2025-12-31]

    Remember the ID of your key (second column, after the slash, e.g. "ABC12345"). If you have a "sub" entry, you can ignore it.

  2. Run this command to export your key:

    Copy
    gpg --export-secret-keys YOUR_ID_HERE > private.key
  3. Copy the key file to the other machine using a secure transport (scp is your friend).
  4. To import, run

    Copy
    gpg --import private.key

    If the key already existed on the second machine, the import will fail saying "Key already known".
    To force import, you will have to delete both the private and public key first (gpg --delete-keys and gpg --delete-secret-keys)

Enigmail / GnuPG v2

Note that you probably also have gpg2 on your system which is backwards-compatible with gpg, but seems to manage a separate list of keys. When using Thunderbird with Enigmail, note that it uses version 2 and may be unable to see your private key after importing. To fix that, run

Copy
gpg2 --import private.key

Restart Thunderbird afterwards.

Owner of this card:

Avatar
Thomas Eisenbarth
Last edit:
4 days ago
by Arne Hartherz
Posted by Thomas Eisenbarth to makandra orga
This website uses cookies to improve usability and analyze traffic.
Accept or learn more