migrate to offline gpg master key

Hauke Laging mailinglisten at hauke-laging.de
Tue Feb 12 21:30:12 CET 2013

Am Di 12.02.2013, 16:01:02 schrieb refreshing at tormail.org:
> The gpg master key should only be stored
> on a separate offline machine.

That statement is too wide. The main key should never be *used* (or: usable) 
on an insecure system. If it is protected by a secure passphrase ([a-zA-
Z0-9]^18) which is never entered in an insecure system then there is no 
relevant risk.

> What's the best path for migration?

Get a safe system (or a safe boot medium for your normal system). There you 
import the key (or unlock it) and do what's necessary. Any specific questions? 
It boils down do export the public keys or the secret subkeys on the safe 
system afterwards and import them on the insecure system.

> I thought gpg is complicated but offline key makes my head burn. Any good
> guide?

In case you understand German (it's not comprehensive yet, though):

In the context of smartcards this is mentioned on the FSFE site:

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130212/bb843334/attachment.pgp>

More information about the Gnupg-users mailing list