Two servers..one KeyPair
Henry Hertz Hobbit
hhhobbit at securemecca.net
Tue Nov 28 16:53:42 CET 2006
On Mon, 2006-11-27 at 11:18 -0500, brunij at earthlink.net wrote:
> Your question is ambiguous. What are you trying to do? Use one key
> pair on two systems, or use two key pairs on two systems?
> If the former, simply copy the .gnupg directory to the second system.
> If the former, simply create a second key pair on the second system.
I think you meant to say "If the latter" (we probably all deduced
that). What was confusing me was the "create". You only do the
"create" on ONE of the machines (hereafter referred to as machine
0. Do a backup of both ~/.gnupg folders first. If you goof up you
can always go back to what you have. If you don't have a .gnupg
folder on machine two, just copy the backup from the first machine
to machine two and unpack it (option one).
1. If you are starting from scratch, copy the entire .gnupg folder
BUT delete the random_seed file in the folder on the machine the
folder was copied to, to force it to recreate a new random_seed
file that is different.
2. If you can NOT just copy the folder, e.g., you already have keys
on machine two that are NOT on machine one where you generated
the keys, then use the --export-secret-keys on the machine you
generated the key you want to use on both machines. You import
it just like any other key.
[a] on the machine where the key was created:
gpg -a --export-secret-keys E4FC4DDF > sec_bogus.asc
# you will have your OWN key ID and file name
[b] on machine two that doesn't have the secret key yet. copy
the sec_bogus.asc (use your own name) file to it and type:
gpg --import sec_bogus.asc
# substitute your own name for the secret key file. Once
# the transfer has worked, SHRED THIS FILE!
This is TESTED and works as LONG as you are NOT using SELinux.
3. If you are using SELinux, approach one is HIGHLY recommended.
If you can't do that search archives for Werner's work-around
for exporting / importing the secret keys. It is a hack that
defeats SELinux from preventing the export of secret keys
(which is actually a good idea MOST of the time).
> On Nov 27, 2006, at 9:18 AM, Wolff, Alex wrote:
> > Hello,
> > I am trying to get around the problem of creating one key-pair and
> > using it
> > on two different servers (TEST and PROD). Is this possible?
YES. See previous.
> > I am using gpg (GnuPG) 18.104.22.168
> > Thank You.
> > Alex Wolff (awolff at newbreed.com)
> > Technology Services Group
> > New Breed Corp.
> > 336-232-4573 (v)
> > 336-217-1680 (f)
More information about the Gnupg-users