GPG Key Migration

Keeping a copy of your GPG key pair is mandatory if you use GPG as a password manager and you don’t want to store your passwords in plain text. Passwords encrypted on one machine can only be decrypted on another machine that has the same public and private keys.

To migrate your keys, you need to export them from one machine and import them on another one. To do so, follow these steps:

Replace [your key] with your key ID

To obtain your key ID

gpg --list-secret-keys --keyid-format LONG

Which returns something like

/home/angela/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096/[your key] 2018-03-30 [SC]
      ABCDEFGHIJKLMNOPQRSTUVWXYZ
uid                 [ unknown] angela (KEY NAME) <user@domain>
ssb   rsa4096/ABCDEFGHIJKL 2018-03-30 [E]

Your key ID is the string that follows the key size prefix rsa4096/ on the sec line.

Export the public key in preparation for moving it

gpg --export -a [your key] > gpg-pub.asc

Prepare the secret key for migration (if password protected, you’ll be prompted to enter it)

gpg --export-secret-keys -a [your key] > gpg-private.asc

Find them

ls -l gpg*.asc

Drag the key pair from the current directory to your USB stick or however else you move them.

Once on the new machine, import them

gpg --import gpg-pub.asc

If password protected, you’ll be prompted to enter it

gpg --import gpg-private.asc

If you need to adjust the trust level of the key, edit it, type trust at the gpg> prompt, and choose one of the 5 options.

gpg --edit-key [your key]

After importing the keys and setting the trust level, you may add your own configuration to gpg-agent.conf in the ~/.gnupg folder. If you have already restored a backup of your passwords, you have to run pass init again with the newly imported key.
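
To confirm that the import on the new machine brought over every secret key and subkey (including the [E] subkey that decrypts the password store), the following added example, which is not part of the original page, compares full fingerprints from gpg's machine-readable listing. It assumes GnuPG 2.1 or later; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GnuPG 2.1 or later.
# Function names and the sample listing below are constructed for illustration.

# Reduce a `gpg --list-secret-keys --with-colons` listing (stdin) to one line
# per secret key or subkey: record type, fingerprint, capabilities, and whether
# the secret material is present. Field 12 holds the capabilities, field 15 is
# "#" when only a stub without secret material exists, and field 10 of the
# following "fpr" record is the fingerprint. Validity and ownertrust are left
# out on purpose, because trust has to be set again after an import.
secret_key_summary() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            rec = $1; caps = $12
            state = ($15 == "#") ? "stub" : "present"
            next
        }
        $1 == "fpr" && rec != "" { print rec, $10, caps, state; rec = "" }
    ' | sort
}

# Compare listings saved on the old ($1) and new ($2) machine.
# Returns 0 if identical, 1 if they differ, 2 if the old listing is empty,
# 3 if the new machine only has a stub for some key.
same_secret_keys() {
    src=$(secret_key_summary < "$1")
    dst=$(secret_key_summary < "$2")
    [ -n "$src" ] || return 2
    case "$dst" in *" stub"*) return 3 ;; esac
    [ "$src" = "$dst" ]
}

# Constructed sample listing: one [SC] primary key and one [E] subkey.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111222233334444:1522368000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1522368000::::angela (KEY NAME) <user@domain>::::::::::0:
ssb:u:4096:1:5555666677778888:1522368000::::::e:::+:::23:
fpr:::::::::9999000011112222333344445555666677778888:
EOF
}

# Real use, run once on each machine and carry old.txt along with the keys:
#   gpg --list-secret-keys --with-colons [your key] > old.txt   # old machine
#   gpg --list-secret-keys --with-colons [your key] > new.txt   # new machine
#   same_secret_keys old.txt new.txt && echo "all secret keys migrated"
sample_listing | secret_key_summary
```

A non-zero result means the new keyring does not hold the same secret keys as the old one, so keep the exported files until the comparison succeeds.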