Moving Encryption Keys Between Devices
This article covers how to move your OpenPGP key between computers, and is part of a series in communications security.
The specifics cover moving between Linux computers using GnuPG, although many of the steps will apply to Windows running GnuPG (the main difference should be finding where the GnuPG folder lives under Windows).
This post follows Uploading Your Public Key to a Key Server.
In theory you should try and keep your encryption keys on a single computer, or even on an off-line storage device. However, this is rarely practicable. You’re likely to want to be able to access your keys from your desktop, your laptop, or even your phone.
In order to do this, you have a couple of different options. One is to export the keys into ASCII-armored files that you can import onto another computer. The other is to actually copy the keys themselves, in the directory or individually, onto the new device.
Exporting Your Keys
On the computer your keys are on, run the commands:
gpg --armor --export > public.asc
gpg --armor --export-secret-keys > secret.asc
gpg --export-ownertrust > trustdb
After you have run these commands, copy the resulting files onto the other computer, or whatever medium that you plan to use to transport them to the new device.
Use the wipe utility to securely delete the original copy of the exported files.
Importing Your Keys
Having copied the exported files onto the new device, or mounted whatever drive you used to transfer the files to the new machine, you need to import the key files.
To import the keys, use the commands:
gpg --import /location/public.asc /location/secret.asc
gpg --import-ownertrust /location/trustdb
where /location is the directory the exported files were saved in.
Then use the wipe utility to delete the exported files, leaving no copies anywhere.
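The export, import and wipe steps above, as one added shell script that is not from the article: it runs the round trip between two GnuPG home directories and checks by fingerprint that the new keyring holds the same secret keys before the transfer files are wiped. It assumes GnuPG 2.1 or later; the names SRC_HOME, DST_HOME and EXPORT_DIR are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from the article): export public keys, secret keys and
# ownertrust from one GnuPG home, import into another, verify, wipe the
# transfer files. Assumes GnuPG 2.1+; SRC_HOME/DST_HOME/EXPORT_DIR are ours.
set -eu

# Fingerprints of every secret key (and subkey) in a GnuPG home, one per line.
secret_fingerprints() {
    gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10 }'
}

# Delete the exported files: wipe (as in the article), else shred, else rm.
secure_delete() {
    if command -v wipe >/dev/null 2>&1; then wipe -f "$@"
    elif command -v shred >/dev/null 2>&1; then shred -u "$@"
    else rm -f "$@"   # plain unlink only; the key bytes stay on disk
    fi
}

# migrate_keys SRC_HOME DST_HOME EXPORT_DIR -> 0 if DST_HOME ends up holding
# exactly the secret keys of SRC_HOME. A passphrase-protected key makes
# pinentry prompt during the secret export (and possibly the import).
migrate_keys() {
    src=$1; dst=$2; tmp=$3
    mkdir -p "$tmp" "$dst"; chmod 700 "$tmp" "$dst"
    gpg --homedir "$src" --batch --armor --export > "$tmp/public.asc"
    gpg --homedir "$src" --armor --export-secret-keys > "$tmp/secret.asc"
    gpg --homedir "$src" --batch --export-ownertrust > "$tmp/trustdb"
    gpg --homedir "$dst" --import "$tmp/public.asc" "$tmp/secret.asc"
    gpg --homedir "$dst" --batch --import-ownertrust "$tmp/trustdb"
    want=$(secret_fingerprints "$src"); got=$(secret_fingerprints "$dst")
    secure_delete "$tmp/public.asc" "$tmp/secret.asc" "$tmp/trustdb"
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Demo with a throwaway, passphrase-less key in temporary directories
# (constructed test data, not your real keyring).
demo() {
    work=$(mktemp -d); mkdir -p "$work/old"; chmod 700 "$work/old"
    gpg --homedir "$work/old" --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Alice Example <alice@example.invalid>"
    if migrate_keys "$work/old" "$work/new" "$work/transfer"; then rc=0; else rc=1; fi
    for h in old new; do gpgconf --homedir "$work/$h" --kill gpg-agent; done
    rm -rf "$work"
    return $rc
}

if [ "${1:-}" = "demo" ]; then demo && echo "migration verified"; fi
```

Run it as `sh migrate.sh demo` (file name chosen here) to try it on a throwaway key; for a real move, call migrate_keys with your own ~/.gnupg as SRC_HOME.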
Copying the Key Files Directly
If you are on Linux, you should find the original keys in ~/.gnupg. This directory should have files like pubring.gpg, secring.gpg and a few other files.
Either the individual key files or the entire directory can be copied into a different computer's home directory.
If you want the collected public keys to stay synchronized between computers, you could put the .gnupg folder onto a portable drive, and then softlink to it with the command
ln -s /drive/.gnupg ~/.gnupg
This way, whenever the drive is mounted, the GnuPG directory will be accessible and all of your keys will be available.
I would suggest that you create a TrueCrypt file container to store the