forked from testing/wiki
Simplify subkey export/import process
parent cfde1e6265
commit 13b503f79c
@ -43,25 +43,21 @@ Export the *primary keypair* (put these somewhere very safe along with revocatio
|
|||||||
gpg --export --armor my@email.addr > my_email_addr.public.gpg-key
|
gpg --export --armor my@email.addr > my_email_addr.public.gpg-key
|
||||||
|
|
||||||
# Remove the *primary keypair* from your keyring
|
# Remove the *primary keypair* from your keyring
|
||||||
Export all subkeys from the new keypair to a file - use ramfs instead of tmpfs/ or /dev/shm/ because ramfs doesn't write to swap
|
1. Export all subkeys from the new keypair to a file
|
||||||
|
|
||||||
mkdir /tmp/gpg
|
gpg --export-secret-subkeys my@email.addr > $HOME/.gnupg/subkeys
|
||||||
sudo mount -t ramfs -o size=1M ramfs /tmp/gpg
|
|
||||||
sudo chown $(logname):$(logname) /tmp/gpg
|
|
||||||
gpg --export-secret-subkeys my@email.addr > /tmp/gpg/subkeys
|
|
||||||
|
|
||||||
Delete original signing subkey from keypair in our keyring
|
1. Delete primary key from keyring - *BE SURE TO BACK UP YOUR PRIMARY KEYPAIR FIRST!*
|
||||||
|
|
||||||
gpg --delete-secret-key my@email.addr
|
gpg --delete-secret-key my@email.addr
|
||||||
|
|
||||||
Re-import the previously exported keys
|
1. Re-import the previously exported keys
|
||||||
|
|
||||||
gpg --import /tmp/gpg/subkeys
|
gpg --import $HOME/.gnupg/subkeys
|
||||||
sudo umount /tmp/gpg
|
|
||||||
rmdir /tmp/gpg
|
|
||||||
|
|
||||||
Look for `sec#` instead of `sec` in the output - pound sign means signing subkey is *not* in the keypair located in the keyring
|
1. Look for `sec#` instead of `sec` in the output - pound sign means signing subkey is *not* in the keypair located in the keyring
|
||||||
gpg --list-secret-keys $HOME/.gnupg/secring.gpg
|
|
||||||
|
gpg --list-secret-keys $HOME/.gnupg/secring.gpg
|
||||||
|
|
||||||
# Revoking a *signing keypair*
|
# Revoking a *signing keypair*
|
||||||
Find the *primary keypair* and import it (preferably into an ephemeral system like a liveUSB)
|
Find the *primary keypair* and import it (preferably into an ephemeral system like a liveUSB)
|
||||||
|
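Review bot: The new export step writes the secret subkeys to persistent storage (`gpg --export-secret-subkeys my@email.addr > $HOME/.gnupg/subkeys`) and nothing after `gpg --import $HOME/.gnupg/subkeys` removes that file, so a copy of the secret subkey material stays on disk outside the keyring. The old flow kept the export on ramfs and tore it down with `sudo umount /tmp/gpg`. Either keep the ramfs steps or add an explicit removal step after the import, and keep a sentence on why the export location matters, since the removed line was the only place the swap concern was documented. Separately, the relabelled step "Delete primary key from keyring" describes the same `gpg --delete-secret-key my@email.addr` command that the old text called deleting the original signing subkey; it would help to state what is expected to remain in the keyring after the re-import so the `sec#` check that follows is unambiguous.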