Same private key on multiple sites
David Shaw
dshaw@jabberwocky.com
Sat Aug 18 03:18:04 2001

On Sat, Aug 11, 2001 at 01:22:56AM -0400, Anthony E. Greene wrote:
> On Sat, 11 Aug 2001, Nicholas Dickens wrote:
> >If you are using linux (or similar) just copy the .gnupg/secring file onto
> >the other machine. But only at first setup, otherwise you will delete the
> >existing secret keys. I'm not sure about how to export your secret key but
> >if you can, you should just be able to import it on the other machine.
>
> gpg --export-secret-keys KEYID

Also look at --export-secret-subkeys, which does almost the same
thing, but blanks out the secret part of the primary signing key.
This is really useful as it lets you keep the important primary key
(the one that collects signatures, and thus ties you to the web of
trust) offline altogether, and just use subkeys which are easily
creatable and revocable to do your work. I'm a big fan of this
feature, as I also need to have keys in multiple places.

Hmm. Should --export-secret-subkeys do an automatic --no-comment? At
least for DH keys, GnuPG generates comment packets with the key
factors. Is there a security implication with this?

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
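
Added example, not part of the original message: a check that a working machine's keyring holds only secret subkeys after an --export-secret-subkeys transfer. It assumes a current GnuPG whose --with-colons listing marks a stubbed secret key with "#" in field 15; the helper name, the KEYID placeholder and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Workflow from the message (KEYID is a placeholder):
#   gpg --export-secret-subkeys KEYID > subkeys.gpg   # machine holding the primary key
#   gpg --import subkeys.gpg                          # working machine
# Then check what the working machine really holds:
#   gpg --list-secret-keys --with-colons | secret_key_status

# Constructed listings (made-up key IDs) in the --with-colons record format.
# First: keyring populated from --export-secret-subkeys (primary is a stub).
SAMPLE_SUBKEYS_ONLY='sec:u:2048:1:1111111111111111:1500000000:::u:::scESC:::#:::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:2048:1:2222222222222222:1500000000::::::e:::+:::23:'
# Second: keyring populated from --export-secret-keys (primary secret present).
SAMPLE_FULL_KEY='sec:u:2048:1:1111111111111111:1500000000:::u:::scESC:::+:::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:2048:1:2222222222222222:1500000000::::::e:::+:::23:'

# Hypothetical helper: reads a colon listing on stdin and prints
# "<record> <keyid> <state>" for every secret primary key (sec) and subkey (ssb).
# Field 15 is "#" for a stub, "+" when the secret is available, or a token
# serial number. An empty field is treated as "present" so the check fails closed.
# Exit status is 1 if any primary key's secret material is present.
secret_key_status() {
    awk -F: '
        BEGIN { bad = 0 }
        $1 == "sec" || $1 == "ssb" {
            if ($15 == "#") state = "stub"
            else if ($15 == "+" || $15 == "") state = "present"
            else state = "token"
            print $1, $5, state
            if ($1 == "sec" && state == "present") bad = 1
        }
        END { exit bad }
    '
}

# Demonstration on the two constructed listings.
for sample in "$SAMPLE_SUBKEYS_ONLY" "$SAMPLE_FULL_KEY"; do
    if printf '%s\n' "$sample" | secret_key_status; then
        echo "ok: primary secret key is not on this machine"
    else
        echo "WARNING: primary secret key material is present"
    fi
done
```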