Moving the GPG keys from 1 machine to another
JPClizbe at comcast.net
Tue Dec 20 18:18:46 CET 2005
amit bhalerao wrote:
> Hi ,
> We have just completed the migration of the application from 1
> AIX box to another and have changed the encryption from PGP to GPG.
> Since there are many external vendors involved the process is bit
> tedious following up with vendor to change keys.
Vendor follow-up? It should have been transparent to an external entity.
> Just wanted to confirm in case if we move the application from 1
> AIX box to another :
> 1. Do we have to create a new GPG keys on new machine and send it
> to vendor and repeat the tedious process again everytime we move to
> new machine?
All that is necessary is to binary copy the *.gpg files (pubring.gpg;
secring.gpg; trustdb.gpg; and trustedkeys.gpg, if it exists) along with gpg.conf
from the GnuPG home directory (usually ~/.gnupg) on one machine to the new machine.
> 2. Is there any way we can migrate GPG keys from old box to new box
> without following up with vendors to change key at their end?
> If anyone has done before please let me know.
See Above. As a rule,GnuPG keyring files are binary-compatible across OS
versions. The same applies to PGP keyring files (pubring.pkr & secring.skr).
There should really be no need to change to a new key unless the old key expires
or is compromised. (You *DO* have revocation certs generated and safely stored
off-machine "just in case", right?)
Since you mentioned you changed from PGP to GnuPG above, you can migrate all
your PGP keys to GnuPG usually simply by importing the keyrings:
gpg --import secring.skr
gpg --import pubring.pkr
Imported keypairs will need to be set to 'Ultimate Trust' in GnuPG;
this is called 'Implicit Trust' in PGP.
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 669 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20051220/be1fdec7/signature.pgp
More information about the Gnupg-users