Same private key on multiple sites

David Shaw
Sat Aug 18 03:18:04 2001

On Sat, Aug 11, 2001 at 01:22:56AM -0400, Anthony E. Greene wrote:

> On Sat, 11 Aug 2001, Nicholas Dickens wrote:
> >If you are using linux (or similar) just copy the .gnupg/secring file onto
> >the other machine. But only at first setup, otherwise you will delete the
> >existing secret keys. I'm not sure about how to export your secret key but
> >if you can, youshould just be able to import it on the other machine.
> gpg --export-secret-keys KEYID
Also look at --export-secret-subkeys, which does almost the same thing, but blanks out the secret part of the primary signing key. This is really useful as it lets you keep the important primary key (the one that collects signatures, and thus ties you to the web of trust) offline altogether, and just use subkeys which are easily creatable and revocable to do your work. I'm a big fan of this feature, as I also need to have keys in multiple places. Hmm. Should --export-secret-subkeys do an automatic --no-comment? At least for DH keys, GnuPG generates comment packets with the key factors. Is there a security implication with this? David -- David Shaw | | WWW +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson