SUMMARY: transferring secret keys to new secret-keyring

David T-G davidtg@bigfoot.com
Mon, 17 Jul 2000 11:04:45 -0400



Hi again!

...and then David @ BigFoot said...
%
% I see how I can copy public keys to a new public keyring, and I know
% that I can then delete those keys from the main keyring.  I don't see,
% however, how to transfer a secret key from the main ring.

Here's a summary, in the hopes that it will help the next guy surfing
through the mailing list archives -- if there are any.  Many thanks to
kromJx for pointers along the way!

For this test, I created a test key in my PGP keyring:

  % pgpk -l
  ...
  sec+  768 0xA3E6A078 2000-07-17 ---------- DSS             Sign & Encrypt
  sub   768 0x97ADBBC5 2000-07-17 ---------- Diffie-Hellman
  uid  test-key

Next I grabbed the secret key for import:

  % gpg --armor --export-secret-keys --secret-keyring ../.pgp/secring.skr \
  0xA3E6A078 | gpg --armor --import --options /dev/null --secret-keyring \
  secring.davidtg-old-keys.gpg

I then grabbed the public key for import:

  % gpg --armor --export --keyring ../.pgp/pubring.pkr 0xA3E6A078 | gpg \
  --armor --import --options /dev/null --keyring pubring.davidtg-old-keys.gpg

I have multiple keyrings specified in my options file, so I first had
to turn them off with "--options".  I pulled first the secret key and
then the public key from the PGP ring and stuck them onto the designated
GPG rings.

This works just as well for moving from GPG ring to GPG ring.  I created
another test key in GPG:

  % gpg --list-keys
  ...
  pub  1024D/9ACFB74D 2000-07-17 gpg-test-key
  sub   768g/F26F89FF 2000-07-17

I then grabbed the secret and public keys from the standard rings and
copied them to my old-keys rings:

  % gpg --armor --export-secret-keys --secret-keyring secring.gpg \
  9ACFB74D | gpg --armor --import --options /dev/null --secret-keyring \
  secring.davidtg-old-keys.gpg

  % gpg --armor --export --keyring pubring.gpg 9ACFB74D | gpg --armor \
  --import --options /dev/null --keyring pubring.davidtg-old-keys.gpg

Now, though, I have two copies of this key:

  % gpg --list-keys
  .../.gnupg/pubring.gpg
  ----------------------
  pub  1024D/9ACFB74D 2000-07-17 gpg-test-key
  sub   768g/F26F89FF 2000-07-17
  ...
  .../.gnupg/pubring.davidtg-old-keys.gpg
  ---------------------------------------
  pub  1024D/9ACFB74D 2000-07-17 gpg-test-key
  sub   768g/F26F89FF 2000-07-17

To get rid of the copy in my main ring, I must *first* delete the secret
key and *then* the public key:

  % gpg --delete-secret-key --options /dev/null --secret-keyring \
  secring.gpg 9ACFB74D

  % gpg --delete-key --options /dev/null --keyring pubring.gpg 9ACFB74D

  % gpg --list-keys
  .../.gnupg/pubring.gpg
  ----------------------
  ...
  .../.gnupg/pubring.davidtg-old-keys.gpg
  ---------------------------------------
  pub  1024D/9ACFB74D 2000-07-17 gpg-test-key
  sub   768g/F26F89FF 2000-07-17

Note that at no time did I need to de-passphrase any of these keys.


So now all I have to figure out is how I'm going to manage my current
keys, my old keys (kept around so that I can read old mail I sent out
as well as decrypt mail someone sends in using the old key), keys from
mailing lists, and keys from associates -- one of which is particularly
annoying because the guy tacked over a dozen name/addr/comment strings
onto it, and it always fills up my screen!  Suggestions and comments are
welcome, but please remember to send to me since I'm not on the list.


:-D
-- 
David T-G                       * It's easier to fight for one's principles
(play) davidtg@bigfoot.com      * than to live up to them. -- fortune cookie
(work) davidtgwork@bigfoot.com
http://www.bigfoot.com/~davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
The "new millennium" starts at the beginning of 2001.  There was no year 0.
Note: If bigfoot.com gives you fits, try sector13.org in its place. *sigh*
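
The copy-then-delete procedure from the message above, as an added shell example that is not part of the original post: it wraps the same gpg commands and refuses to delete the source copy until the destination rings are confirmed to hold the key. It assumes GnuPG 1.x-style keyring files as used in the post (GnuPG 2.1 and later ignore --secret-keyring); `move_key` and `rings_hold` are hypothetical helper names.

```shell
# Added example, not from the original post. Assumes GnuPG 1.x-style keyring
# files; move_key and rings_hold are hypothetical helper names.

# rings_hold SECRING PUBRING KEYID
# Succeeds only if these rings, and not the default ones, list KEYID.
rings_hold() {
    for mode in --list-secret-keys --list-keys; do
        gpg --options /dev/null --no-default-keyring \
            --secret-keyring "$1" --keyring "$2" "$mode" "$3" \
            >/dev/null 2>&1 || return 1
    done
}

# move_key SRC_SECRING SRC_PUBRING DST_SECRING DST_PUBRING KEYID
move_key() {
    [ $# -eq 5 ] || { echo "usage: move_key SRC_SEC SRC_PUB DST_SEC DST_PUB KEYID" >&2; return 2; }
    src_sec=$1 src_pub=$2 dst_sec=$3 dst_pub=$4 key=$5

    # Copy the secret key, then the public key, with the post's commands.
    gpg --armor --export-secret-keys --secret-keyring "$src_sec" "$key" |
        gpg --armor --import --options /dev/null --secret-keyring "$dst_sec"
    gpg --armor --export --keyring "$src_pub" "$key" |
        gpg --armor --import --options /dev/null --keyring "$dst_pub"

    # A pipeline reports only the importing gpg's status, so check that the
    # destination rings really list the key before deleting anything.
    if ! rings_hold "$dst_sec" "$dst_pub" "$key"; then
        echo "move_key: $key not found in destination rings; source untouched" >&2
        return 1
    fi

    # Delete from the source: secret key first, then the public key.
    gpg --delete-secret-key --options /dev/null --secret-keyring "$src_sec" "$key" &&
        gpg --delete-key --options /dev/null --keyring "$src_pub" "$key"
}

# Usage with the ring names from the post:
#   move_key secring.gpg pubring.gpg \
#       secring.davidtg-old-keys.gpg pubring.davidtg-old-keys.gpg 9ACFB74D
```

The delete commands still prompt for confirmation, as they do when typed by hand.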