LinuxQuestions.org


imchi 10-05-2011 01:20 PM

Import and export keys, PGP to GnuPG
 
Hi,

I need to export an existing PGP key and import it into GnuPG on a different machine.
This is how I did the export:

Code:

pgp -kx myuser _myuser_public 
pgp -kx myuser _myuser_private secring.skr

(this is from the pgp installation directory that contains secring.skr).

This produced two files:
_mykey_public.pgp
_mykey_private.pgp.

Then I moved them to the target machine and did this:

Code:

gpg --import _myuser_public.pgp
gpg --import _myuser_private.pgp

The latter gives me the message "key not changed". Not sure what it means - could it be that the second import did not work?

Now if I try to encrypt the file "test" with gpg:

Code:

gpg --encrypt -r myuser test

I get this message:

Code:

There is no assurance this key belongs to the named user.
(then there is a command prompt for Y/N).

My understanding is that I am supposed to sign the key for my user. So, I tried doing this:
Code:

gpg --edit-key myuser

Output:
Code:

pub  xxxx  created: xxxx expires: xxxx      usage: xxxx
                    trust: unknown      validity: unknown
sub  xxx  created: xxxx  xxxx: never      usage:xxxx

Then I see a GPG command prompt and issue the command "sign". I get the message:
Code:

gpg: no default secret key: No secret key

I also tried doing

Code:

gpg --sign myuser

And got this message:
Code:

gpg: no default secret key: No secret key
gpg: signing failed: No secret key

At this point, I am not sure how to proceed. What else do I need to do to make the key trusted? I've read a lot of documentation on the web, but it hasn't been very helpful.

Thanks in advance.

ntubski 10-07-2011 09:23 AM

Quote:

Originally Posted by imchi (Post 4490920)
Hi,

I need to export an existing PGP key and import it into GnuPG on a different machine.
This is how I did the export:

Code:

pgp -kx myuser _myuser_public 
pgp -kx myuser _myuser_private secring.skr

(this is from the pgp installation directory that contains secring.skr).


I think you should be using secring.skr from your personal directory, e.g. ~/.pgp on Unix, C:\Users\myuser\AppData\Roaming\PGP on Windows. I could be wrong about this as apparently the public import seemed to work...

Quote:

This produced two files:
_mykey_public.pgp
_mykey_private.pgp.

Then I moved them to the target machine and did this:

Code:

gpg --import _myuser_public.pgp
gpg --import _myuser_private.pgp

The latter gives me the message "key not changed". Not sure what it means - could it be that the second import did not work?

You should be seeing something like gpg: key xxxxx: secret key imported. It seems like your private key was not imported. Try exporting again with additional option -a (for ascii) and check that _myuser_private.pgp has the line -----BEGIN PGP PRIVATE KEY BLOCK-----.
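
The check suggested in the post above, as an added example that is not part of the original thread: it looks for the armor header and, going beyond the post, also decodes the first packet tag of a binary export (RFC 4880, section 4.2) to tell secret from public key material before import. The function name key_file_kind is an assumption made for this example.

```shell
#!/bin/sh
# Added example: classify an exported key file before running `gpg --import`.
# key_file_kind is a hypothetical helper name, not a pgp or gpg command.
# Usage: key_file_kind _myuser_private.pgp

key_file_kind() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }

    # ASCII-armored export (the -a option): the armor header names the content.
    # Only the two RFC 4880 key-block headers are recognised here.
    if grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$f"; then
        echo "secret"; return 0
    fi
    if grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$f"; then
        echo "public"; return 0
    fi

    # Binary export: read the first byte, which is the first packet's header.
    b=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
    [ -n "$b" ] || { echo "empty"; return 2; }

    # Bit 7 must be set in every OpenPGP packet header.
    if [ $((b & 128)) -eq 0 ]; then
        echo "not-openpgp"; return 2
    fi

    if [ $((b & 64)) -ne 0 ]; then
        tag=$((b & 63))          # new-format header: tag in bits 5-0
    else
        tag=$(((b >> 2) & 15))   # old-format header: tag in bits 5-2
    fi

    case $tag in
        5) echo "secret" ;;      # Secret-Key packet
        6) echo "public" ;;      # Public-Key packet
        *) echo "other-packet-$tag" ;;
    esac
}
```

A file that reports "public" contains no secret key to import, which is consistent with gpg answering "key not changed" when the matching public key is already in the keyring.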

imchi 10-11-2011 09:13 AM

Quote:

Originally Posted by ntubski (Post 4492468)
I think you should be using secring.skr from your personal directory, e.g. ~/.pgp on Unix, C:\Users\myuser\AppData\Roaming\PGP on Windows. I could be wrong about this as apparently the public import seemed to work...

You should be seeing something like gpg: key xxxxx: secret key imported. It seems like your private key was not imported. Try exporting again with additional option -a (for ascii) and check that _myuser_private.pgp has the line -----BEGIN PGP PRIVATE KEY BLOCK-----.

Thank you for your help. I was finally able to export and import the private key by gpg directly from the original secring file.
But now, I am having a problem decrypting with that private key. This is what I get:
Code:

You need a passphrase to unlock the secret key for
user: "myuser"
...
can't connect to `/home/myuser/.gnupg/S.gpg-agent': No such file or directory                               
gpg-agent[3922]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
....
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key

I don't have the gpg-agent daemon running. I need to be able to enter the passphrase manually. How do I switch off the agent mode??

ntubski 10-11-2011 11:50 AM

Quote:

How do I switch off the agent mode??

You may be out of luck here:

Quote:

--use-agent
--no-use-agent
This is dummy option. gpg2 always requires the agent.

From GPG Manual: How to change the configuration

Downgrade to gpg 1.x, perhaps?

