How to import secret gpg key (copied from one machine to another)?

I’m trying to copy my gpg key from one machine to another.

I do:

gpg --export ${ID} > public.key
gpg --export-secret-key ${ID} > private.key

Move files to new machine, and then:

gpg --import public.key
gpg: nyckel [ID]: public key [Name, e-mail] was imported
gpg: Total number of treated keys: 1
gpg:                 imported: 1  (RSA: 1)

gpg --allow-secret-key-import private.key
sec  [?]/[ID] [Creation date] [Name, e-mail]
ssb  [?]/[SUB-ID] [Creation date]

All looks good to me, but then:

$ gpg -d [file].gpg
gpg: encrypted with 4096-bit RSA-key, id [SUB-ID], created [Creation date]
  [Name, e-mail]
gpg: decryption failed: secret key not accessible

So the error message says that the file has been encrypted with [SUB-ID], which the secret key import appears to say it has imported. (The [SUB-ID] in both messages is the same).

So I’m clearly doing something wrong, but I don’t know what.

Asked By: user50849


You need to add --import to the command line to import the private key. (You don’t need to use the --allow-secret-key-import flag. According to the man page: "This is an obsolete option and is not used anywhere.")

gpg --import private.key
Answered By: Celada

The above is only a partial answer. The complete answer is:

gpg --import private.key
  • Given the KEYID (e.g. FA0339620046E260) from the output:

      gpg --edit-key {KEY} trust quit
      # enter 5<RETURN> (I trust ultimately)
      # enter y<RETURN> (Really set this key to ultimate trust - Yes)
    
  • OR use the automated command below:

      expect -c 'spawn gpg --edit-key {KEY} trust quit; send "5\ry\r"; expect eof'
    

Finally, verify that the key is now trusted with [ultimate] instead of [unknown]:

gpg --list-keys
Answered By: cmcginty

I was importing from a backup that had an old version of gpg. Since the old computer wasn’t available, only the backup, I couldn’t export it first. This is what worked for me.

gpg --import old_home_dir/.gnupg/pubring.gpg
gpg --import old_home_dir/.gnupg/secring.gpg

If you want to be able to import secret keys without entering the passphrase immediately, use the --batch option.

To verify the public keys:

gpg --list-keys

To verify the secret keys:

gpg --list-secret-keys
Answered By: Jonathan Tran
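
A scripted form of the "verify the secret keys" step, aimed at the question's error, where decryption fails for one specific [SUB-ID]. This is an added example, not code from any of the answers; it reads gpg's machine-readable listing (--with-colons), and the sample listing and key IDs in it are constructed.

```shell
#!/bin/sh
# Report whether the secret part of one key or subkey is really in the keyring.
# Real use (SUBID is the id gpg names in "encrypted with ... id [SUB-ID]"):
#   gpg --list-secret-keys --with-colons | secret_key_status "$SUBID"

# secret_key_status KEYID   (colon listing on stdin)
# Prints one of: usable | stub | card | missing
secret_key_status() {
    awk -F: -v want="$1" '
        BEGIN { want = toupper(want); n = length(want); status = "missing" }
        ($1 == "sec" || $1 == "ssb") && n >= 8 {
            id = toupper($5)                      # field 5: long key ID
            # accept the long ID or a shorter suffix of it (8 hex digits or more)
            if (id == want || substr(id, length(id) - n + 1) == want) {
                # field 15: "+" secret key available, "#" stub only,
                # anything else is a smartcard/token serial number
                if ($15 == "#")      status = "stub"
                else if ($15 == "+") status = "usable"
                else if ($15 == "")  status = "usable"  # assumption: no marker printed
                else                 status = "card"
            }
        }
        END { print status }
    '
}

# Constructed sample: primary key with its secret part present,
# encryption subkey present only as a stub.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111111111111111:1400000000:::u:::scESC:::+:::23::0:
uid:u::::1400000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:2222222222222222:1400000000::::::e:::#:::23:
EOF
}

# Demonstration on the constructed listing; prints "stub".
sample_listing | secret_key_status 2222222222222222
```

A result of missing or stub for the subkey named in the decryption error means the secret material never reached this keyring, which is what gpg --import private.key fixes.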