Moving the GPG keys from 1 machine to another

John Clizbe JPClizbe at comcast.net
Tue Dec 20 18:18:46 CET 2005


amit bhalerao wrote:
> Hi,
> 
>      We have just completed the migration of the application from 1
> AIX box to another and have changed the encryption from PGP to GPG.
> Since there are many external vendors involved, the process is a bit
> tedious, following up with vendors to change keys.

Vendor follow-up? It should have been transparent to an external entity.

>      Just wanted to confirm, in case we move the application from 1
> AIX box to another:
> 1.  Do we have to create new GPG keys on the new machine, send them
> to the vendor, and repeat the tedious process again every time we move
> to a new machine?

All that is necessary is to binary copy the *.gpg files (pubring.gpg;
secring.gpg; trustdb.gpg; and trustedkeys.gpg, if it exists) along with gpg.conf
from the GnuPG home directory (usually ~/.gnupg) on one machine to the new machine.

> 2. Is there any way we can migrate GPG keys from the old box to the new
> box without following up with vendors to change the key at their end?
>          If anyone has done this before, please let me know.

See above. As a rule, GnuPG keyring files are binary-compatible across OS
versions. The same applies to PGP keyring files (pubring.pkr & secring.skr).

There should really be no need to change to a new key unless the old key expires
or is compromised. (You *DO* have revocation certs generated and safely stored
off-machine "just in case", right?)

Since you mentioned you changed from PGP to GnuPG above, you can migrate all
your PGP keys to GnuPG usually simply by importing the keyrings:

	gpg --import secring.skr
	gpg --import pubring.pkr

    Imported keypairs will need to be set to 'Ultimate Trust' in GnuPG;
    this is called 'Implicit Trust' in PGP.


-- 
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
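
Added example (not part of the original message): a POSIX shell check that the
keyring files named above arrived on the new machine as a byte-for-byte copy,
for instance not altered by a text-mode transfer. The function names, the
manifest file and the 700/600 modes are assumptions of this example; cksum
detects accidental damage only.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not GnuPG commands.
# Files named in the post; any that do not exist are skipped.
GNUPG_FILES="pubring.gpg secring.gpg trustdb.gpg trustedkeys.gpg gpg.conf"

# Print "<crc> <bytes>" for one file (cksum is a POSIX utility).
file_sum() {
    set -- $(cksum < "$1")
    echo "$1 $2"
}

# Old machine: write one "<crc> <bytes> <name>" line per file present.
gnupg_manifest() {
    for f in $GNUPG_FILES; do
        if [ -f "$1/$f" ]; then
            echo "$(file_sum "$1/$f") $f"
        fi
    done
}

# New machine: compare the copied files with the manifest, then restrict
# access to the owner (modes 700/600 are this example's choice).
verify_gnupg_copy() {
    manifest=$1
    dir=$2
    rc=0
    while read -r crc size name; do
        if [ ! -f "$dir/$name" ]; then
            echo "missing: $name" >&2
            rc=1
        elif [ "$(file_sum "$dir/$name")" != "$crc $size" ]; then
            echo "differs from original (text-mode transfer?): $name" >&2
            rc=1
        else
            chmod 600 "$dir/$name" || rc=2
        fi
    done < "$manifest"
    chmod 700 "$dir" || rc=2
    return $rc
}
```

Run gnupg_manifest ~/.gnupg > manifest on the old machine, transfer the files and the manifest, then run verify_gnupg_copy manifest ~/.gnupg on the new one.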
