Syncing Keys between multiple computers?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon May 2 02:15:44 CEST 2011


On 05/01/2011 03:49 PM, Christopher Tran wrote:
> What's the easiest way to keep GPG keys synced between my computers?  Like, I have my MacBook, which is usually my main machine, but I also have my netbook which I prefer carrying around and sometimes I update my key with User IDs on either machine but the only way I have thought of is to export and import every single time.  Is there an easier way?

if your changes to your keys and user IDs aren't supposed to be secret,
(i.e. they are not non-exportable certifications, and you have not added
any new secret subkeys or primary keys) then you can just push your
updates to the keyservers when they happen:

 gpg --send $CHANGED_KEYID

and then when you switch to a different machine, you can just ensure
everything is up-to-date:

 gpg --refresh

These commands probably want a keyserver; so if you don't have a default
chosen already, add the following line to ~/.gnupg/gpg.conf (on both
machines):

 keyserver pool.sks-keyservers.net

If you change ownertrust, add new secret keys (either primary keys or
subkeys), or make non-exportable certifications, then you'll want to do
the export and import steps.  on the origin machine:

 gpg --export-ownertrust > ownertrust
 gpg --export-options export-local --export-secret-keys > secring
 gpg --export-options export-local --export > pubring

and on the destination machine:

 gpg --import-ownertrust < ownertrust
 gpg --import-options import-local --import < secring
 gpg --import-options import-local --import < pubring

note that you might have some trouble updating your secret keys like
this, due to a known bug:

 https://bugs.g10code.com/gnupg/issue318

so if something changes in your secret key (e.g. new subkeys), you might
need to move the old secring out of the way or do more complicated
merges with gpgsplit (if you've had the misfortune of generating new
subkeys on both systems).

hth,

	--dkg
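
The reply above separates changes a keyserver push can carry from changes that need the export and import steps. As an added example (not part of the original message), this Python code compares `gpg --with-colons --list-keys` and `--list-secret-keys` output captured on both machines and reports which path each difference needs. The function names and sample listings are constructed; ownertrust and non-exportable certifications are not visible in these listings and are not checked.

```python
# Added example: the listings below are constructed samples with placeholder key IDs.
ORIGIN_PUB = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESC:
uid:u::::1300000000::H1::Alice Example <alice@example.org>:
uid:u::::1304000000::H2::Alice Example <alice@work.example>:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1304000000::::::s:
"""
ORIGIN_SEC = """\
sec:u:2048:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESC:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1304000000::::::s:
"""
DEST_PUB = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESC:
uid:u::::1300000000::H1::Alice Example <alice@example.org>:
"""
DEST_SEC = """\
sec:u:2048:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESC:
"""

def parse_colons(listing):
    """Map primary key ID -> {"uids": set, "subkeys": set} from colon output."""
    keys, cur = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec") and len(f) > 9:
            cur = keys.setdefault(f[4], {"uids": set(), "subkeys": set()})
            if f[9]:  # gpg 1.4 without fixed-list-mode puts the first uid here
                cur["uids"].add(f[9])
        elif cur is not None and f[0] == "uid" and len(f) > 9:
            cur["uids"].add(f[9])  # left escaped, e.g. \x3a for ':'
        elif cur is not None and f[0] in ("sub", "ssb") and len(f) > 4:
            cur["subkeys"].add(f[4])
    return keys

def sync_plan(origin_pub, origin_sec, dest_pub, dest_sec):
    """Per primary key: what a keyserver push covers, what needs export/import."""
    none = {"uids": set(), "subkeys": set()}
    d_pub, d_sec = parse_colons(dest_pub), parse_colons(dest_sec)
    plan = {}
    for kid, rec in parse_colons(origin_pub).items():
        new_uids = sorted(rec["uids"] - d_pub.get(kid, none)["uids"])
        plan[kid] = {"keyserver": new_uids, "export_import": []}
    for kid, rec in parse_colons(origin_sec).items():
        entry = plan.setdefault(kid, {"keyserver": [], "export_import": []})
        missing = [] if kid in d_sec else [kid]  # whole secret key absent
        missing += sorted(rec["subkeys"] - d_sec.get(kid, none)["subkeys"])
        entry["export_import"] = missing
    return plan
```

A non-empty `export_import` list means secret key material exists only on the origin machine, so the keyserver refresh alone will not bring the destination up to date.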

