Two servers..one KeyPair

Henry Hertz Hobbit hhhobbit at securemecca.net
Tue Nov 28 16:53:42 CET 2006


On Mon, 2006-11-27 at 11:18 -0500, brunij at earthlink.net wrote:


> Your question is ambiguous. What are you trying to do? Use one key  
> pair on two systems, or use two key pairs on two systems?
> 
> If the former, simply copy the .gnupg directory to the second system.  
> If the former, simply create a second key pair on the second system.

I think you meant to say "If the latter" (we probably all deduced
that). What was confusing me was the "create".  You only do the
"create" on ONE of the machines (hereafter referred to as machine
number one).

0. Do a backup of both ~/.gnupg folders first.  If you goof up you
   can always go back to what you have.  If you don't have a .gnupg
   folder on machine two, just copy the backup from the first machine
   to machine two and unpack it (option one).

1. If you are starting from scratch, copy the entire .gnupg folder
   BUT delete the random_seed file in the folder on the machine the
   folder was copied to, to force it to recreate a new random_seed
   file that is different.

2. If you can NOT just copy the folder, e.g., you already have keys
   on machine two that are NOT on machine one where you generated
   the keys, then use the --export-secret-keys on the machine you
   generated the key you want to use on both machines.  You import
   it just like any other key.

   [a] on the machine where the key was created:

       gpg -a --export-secret-keys E4FC4DDF > sec_bogus.asc
       # you will have your OWN key ID and file name

   [b] on machine two that doesn't have the secret key yet, copy
       the sec_bogus.asc (use your own name) file to it and type:

       gpg --import sec_bogus.asc
       # substitute your own name for the secret key file.  Once
       # the transfer has worked, SHRED THIS FILE!

   This is TESTED and works as LONG as you are NOT using SELinux.

3. If you are using SELinux, approach one is HIGHLY recommended.
   If you can't do that, search archives for Werner's work-around
   for exporting / importing the secret keys.   It is a hack that
   defeats SELinux from preventing the export of secret keys
   (which is actually a good idea MOST of the time).

> 
> On Nov 27, 2006, at 9:18 AM, Wolff, Alex wrote:
> 
> > Hello,
> >
> > I am trying to get around the problem of creating one key-pair and  
> > using it
> > on two different servers (TEST and PROD).  Is this possible?
> >

YES.  See previous.

> >
> > I am using gpg (GnuPG) 1.4.2.2
> >
> > Thank You.
> >
> > Alex Wolff (awolff at newbreed.com)
> > Technology Services Group
> > New Breed Corp.
> > 336-232-4573 (v)
> > 336-217-1680 (f)

HHH
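
Steps 0 and 1 of the reply above (back up, copy the whole folder, delete random_seed on the copy) as a shell function. This is an added example, not part of the original post; the name clone_gnupg_home and the paths in the usage line are hypothetical, and SRC is assumed to be an unpacked copy of machine one's .gnupg folder that has already been transferred to machine two.

```sh
#!/bin/sh
# Added example (not from the original post).
# clone_gnupg_home SRC DST   (hypothetical helper name)
#   SRC: unpacked copy of machine one's ~/.gnupg (assumed already transferred)
#   DST: GnuPG home directory on machine two
clone_gnupg_home() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }

    # Step 0: keep whatever machine two already has, so there is
    # something to go back to if the copy goes wrong.
    if [ -d "$dst" ]; then
        mv "$dst" "$dst.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi

    # Step 1: copy the entire folder, creating it private from the start.
    mkdir -p -m 700 "$dst" || return 1
    cp -Rp "$src"/. "$dst"/ || return 1

    # Delete random_seed on the COPY only, so gpg creates a new,
    # different one on machine two. SRC keeps its own file.
    rm -f "$dst/random_seed"

    # Key material readable by the owner only; gpg warns about unsafe
    # permissions on a home directory that other users can access.
    find "$dst" -type d -exec chmod 700 {} +
    find "$dst" -type f -exec chmod 600 {} +
}

# Usage: sh clone_gnupg.sh /tmp/gnupg-from-machine-one "$HOME/.gnupg"
if [ "$#" -eq 2 ]; then
    clone_gnupg_home "$1" "$2"
fi
```

Once the new folder works, the transferred copy in SRC still contains the secret keyring and should be shredded, as the post says for the exported key file.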
