How to import secret gpg key (copied from one machine to another)?

I’m trying to copy my gpg key from one machine to another.

I do:

gpg --export ${ID} > public.key
gpg --export-secret-key ${ID} > private.key

Move files to new machine, and then:

gpg --import public.key
gpg: nyckel [ID]: public key [Name, e-mail] was imported
gpg: Total number of treated keys: 1
gpg:                 imported: 1  (RSA: 1)

gpg --allow-secret-key-import private.key
sec  [?]/[ID] [Creation date] [Name, e-mail]
ssb  [?]/[SUB-ID] [Creation date]

All looks good to me, but then:

$ gpg -d [file].gpg
gpg: encrypted with 4096-bit RSA-key, id [SUB-ID], created [Creation date]
  [Name, e-mail]
gpg: decryption failed: secret key not accessible

So the error message says that the file has been encrypted with [SUB-ID], which the secret key import appears to say it has imported. (The [SUB-ID] in both messages is the same).

So I’m clearly doing something wrong, but I don’t know what.

Answers:


Method 1

You need to add --import to the command line to import the private key. You need not use the --allow-secret-key-import flag. According to the man page: “This is an obsolete option and is not used anywhere.”

gpg --import private.key

Method 2

Above is only a partial answer. Complete answer is:

gpg --import private.key
  • Given the KEYID (e.g. FA0339620046E260) from the output:
      gpg --edit-key {KEY} trust quit
      # enter 5<RETURN> (I trust ultimately)
      # enter y<RETURN> (Really set this key to ultimate trust - Yes)
  • OR use the automated command below:
      expect -c 'spawn gpg --edit-key {KEY} trust quit; send "5\ry\r"; expect eof'

Finally, verify that key is now trusted with [ultimate] instead of [unknown]

gpg --list-keys

Method 3

I was importing from a backup that had an old version of gpg. Since the old computer wasn’t available, only the backup, I couldn’t export it first. This is what worked for me.

gpg --import old_home_dir/.gnupg/pubring.gpg
gpg --import old_home_dir/.gnupg/secring.gpg

If you want to be able to import secret keys without entering the passphrase immediately, use the --batch option.

To verify the public keys:

gpg --list-keys

To verify the secret keys:

gpg --list-secret-keys
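
The "secret key not accessible" failure from the question can be checked for directly after an import. The shell function below is an added example, not part of the answers above: it reads gpg --list-secret-keys --with-colons output and reports whether the secret part of a given key or subkey ID is really in the keyring. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the answers above).
# Classify a secret key or subkey from colon-format listing on stdin.
# Usage on a real keyring:
#   gpg --list-secret-keys --with-colons | secret_key_status SUBKEYID
# Prints one of: present, stub, card, unknown, missing.
secret_key_status() {
    awk -F: -v want="$1" '
        BEGIN { want = toupper(want) }
        # sec = primary secret key, ssb = secret subkey; field 5 is the key ID
        ($1 == "sec" || $1 == "ssb") && want != "" {
            id = toupper($5)
            # accept the long key ID or any shorter suffix of it
            if (length(id) >= length(want) &&
                substr(id, length(id) - length(want) + 1) == want) {
                # Field 15: "+" = secret key available, "#" = stub only,
                # other non-empty value = serial number of a smartcard.
                if ($15 == "+")       state = "present"
                else if ($15 == "#")  state = "stub"
                else if ($15 == "")   state = "unknown"  # listing gave no indicator
                else                  state = "card"
                print state
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample listing (key IDs and card serial are made up):
# a stub primary key, an on-disk encryption subkey, a card-held signing subkey.
SAMPLE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:::#:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::s:::D2760001240102010006012345670000:::23:'
```

Pass the [SUB-ID] that gpg -d names in its "encrypted with" line; any result other than present means decryption with that subkey will not work from this keyring alone.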


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
