At some point I found myself wanting to move/copy my GPG keys. Since I didn’t find the exact answer I was looking for, this is a quick writeup detailing the steps required.

Listing your GPG keys

First we need to know the details of the GPG keys we’re going to move, specifically the Key ID.

# To list the keys in your public key ring:
gpg --list-keys
# To list the keys in your secret key ring:
gpg --list-secret-keys

Exporting the GPG keys

Replace keyid with the Key ID found in the previous step.

# Export the secret key
gpg --export-secret-keys -a [keyid] > private_key.asc
# Export the public key
gpg --export -a [keyid] > public_key.asc

Now you should have 2 keys available, which you can securely copy them to the second machine you want to use them on.

Importing the GPG keys

To import the GPG keys on your second machine:

# Import the private key
gpg --import private_key.asc
# Import the public key
gpg --import public_key.asc

This imports the keys, but they cannot be used yet.

To activate the key, run:

gpg --edit-key your@email.com

Where your@email.com is the email address associated with your GPG key.

This opens the GPG command prompt:

gpg (GnuPG) 2.2.15; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

[your keys here]

gpg>

Activating the GPG keys

From the GPG command line, type: trust and press Enter. You should see something like below:

gpg> trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision?

Only if this is your main GPG key, you should choose ultimate trust by choosing 5 and pressing Enter.

You should now be able to use your GPG key on your other machine!


Sources