Two servers...one KeyPair

Henry Hertz Hobbit hhhobbit at securemecca.net
Mon Dec 4 11:20:40 CET 2006


On Tue, 2006-11-28 at 15:01 +0100, Albert Reiner wrote:

> Message:1
> Date: Tue, 28 Nov 2006 15:01:25 +0100
> From: Albert Reiner <areiner at tph.tuwien.ac.at>
> Subject: Re: Two servers...one KeyPair
> To: Gnupg-users at gnupg.org
> Cc: "Wolff, Alex" <awolff at newbreed.com>
> Message-ID: <20061128140125.GA15808 at tph.tuwien.ac.at>
> Content-Type: text/plain; charset=us-ascii
> 
> > I am trying to get around the problem of creating one key-pair and using it
> > on two different servers (TEST and PROD).  Is this possible?  
> 
> Generate the key on one server, export both private and public key
> (gpg --export, gpg --export-private-key), transfer to the other
> server, import private and public key.
> 
> HTH,
> 
> Albert.

I apologize for not addressing this sooner.

I never heard of the option --export-private-key.  I gave the
more complete response of how to do it using --export-secret-keys.
Is --export-private-key part of 2.0 or are you just explaining
the concept?  I have never used 2.0, YET.

I said that if you don't have completely duplicate key-rings,
you should do the export.  Additionally, if you have generated
the keys on GnuPG, but you are using PGP instead of GnuPG on the
other machine you will also want to do an --export-secret-keys
and import it on the other machine EVEN if the key-rings are
duplicates of each other.

I forgot to ask the philosophical question of whether or not
we should be asked the pass-phrase of the secret key to do this.
I suppose not, since you still need to know it to use the key
once you import it some place else. But it feels strange not
to be prompted for your pass-phrase when you are exporting
secret keys.  Even if it doesn't do anything else, asking you to
confirm that you really want to export your secret key by asking
for the pass-phrase of that key should clue you in that you are
doing something that needs to be done with care, and that you
should probably securely remove the file that was created when
you no longer need it.

HHH
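The procedure the thread describes (generate on one server, --export and --export-secret-keys, transfer, --import on the other, then securely remove the exported secret key file), as an added example that is not part of the original posts. It simulates the TEST and PROD servers as two separate GNUPGHOME directories on one machine and assumes a GnuPG 2.1 or later gpg binary is installed; the user ID, the work directory layout, and the empty passphrase (used only so the key generation runs unattended) are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the thread: replicate one key pair from a TEST
# keyring into a PROD keyring with --export / --export-secret-keys / --import,
# then verify by fingerprint and securely remove the exported secret key.
# Assumes gpg (GnuPG >= 2.1); both "servers" are directories under mktemp.
set -eu

replicate_keypair() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "skipped: gpg not installed"
        return 0
    fi

    work=$(mktemp -d)
    test_home="$work/test-server"   # stands in for the TEST server (assumed)
    prod_home="$work/prod-server"   # stands in for the PROD server (assumed)
    mkdir -m 700 "$test_home" "$prod_home"

    # 1. Generate the key pair once, on TEST. Empty passphrase only so the
    #    example runs unattended; a real deployment key should have one.
    gpg --homedir "$test_home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' \
        --quick-generate-key 'deploy@example.test' default default never

    fpr=$(gpg --homedir "$test_home" --list-keys --with-colons \
          | awk -F: '/^fpr:/ {print $10; exit}')

    # 2. Export public key (--export) and secret key (--export-secret-keys).
    gpg --homedir "$test_home" --batch --quiet --armor \
        --export "$fpr" > "$work/pub.asc"
    gpg --homedir "$test_home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --armor \
        --export-secret-keys "$fpr" > "$work/sec.asc"
    chmod 600 "$work/sec.asc"   # the secret key file needs careful handling

    # 3. "Transfer" (same filesystem here) and import on PROD.
    gpg --homedir "$prod_home" --batch --quiet --import "$work/pub.asc"
    gpg --homedir "$prod_home" --batch --quiet --import "$work/sec.asc"

    # 4. Verify PROD now holds the same secret key, by fingerprint.
    prod_fpr=$(gpg --homedir "$prod_home" --list-secret-keys --with-colons \
               | awk -F: '/^fpr:/ {print $10; exit}')

    # 5. Securely remove the exported secret key once it is imported.
    if command -v shred >/dev/null 2>&1; then
        shred -u "$work/sec.asc"
    else
        rm -f "$work/sec.asc"
    fi
    gpgconf --homedir "$test_home" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$prod_home" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"

    if [ -n "$fpr" ] && [ "$fpr" = "$prod_fpr" ]; then
        echo "ok"
    else
        echo "mismatch: TEST=$fpr PROD=$prod_fpr"
        return 1
    fi
}

replicate_keypair
```

On a real pair of servers the transfer in step 3 would go over an authenticated channel (scp, for instance) rather than a shared filesystem, and the fingerprint comparison in step 4 is the check that tells you the import actually landed the key you meant to copy.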