How to export a GPG private key and public key to a file

I have generated keys using GPG, by executing the following command

gpg --gen-key

Now I need to export the key pair to a file;
i.e., private and public keys to private.pgp and public.pgp, respectively. 
How do I do it?

Asked By: rocky


Export Public Key

This command will export an ascii armored version of the public key:

gpg --output public.pgp --armor --export username@email

Export Secret Key

This command will export an ascii armored version of the secret key:

gpg --output private.pgp --armor --export-secret-key username@email

Security Concerns, Backup, and Storage

A PGP public key contains information about one’s email address. This is generally acceptable since the public key is used to encrypt email to your address. However, in some cases, this is undesirable.

For most use cases, the secret key need not be exported and should not be distributed. If the purpose is to create a backup key, you should use the backup option:

gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup user@email

This will export all necessary information to restore the secrets keys including the trust database information. Make sure you store any backup secret keys off the computing platform and in a secure physical location.

If this key is important to you, I recommend printing out the key on paper using paperkey. And placing the paper key in a fireproof/waterproof safe.

Public Key Servers

In general, it’s not advisable to post personal public keys to key servers. There is no method of removing a key once it’s posted and there is no method of ensuring that the key on the server was placed there by the supposed owner of the key.

It is much better to place your public key on a website that you own or control. Some people recommend for distribution. However, that method tracks participation in various social and technical communities which may not be desirable for some use cases.

For the technically adept, I personally recommend trying out the webkey domain level key discovery service.

Answered By: RubberStamp
  • List the keys you have:
    gpg --list-secret-keys
  • Export the key:
    gpg -o ~/my-key.asc --export-secret-key name
  • Copy it on another machine;
  • Import the key:
    gpg --import my-key.asc
Answered By: Serj Sp

“GnuPG (aka PGP/GPG)”
More information

Generate key:
gpg --gen-key

View all keys:
gpg --list-keys

Export public key:

gpg --export -a --output [path-to-public-key].asc [email-address]

Export secret key:

gpg -a --export-secret-keys > [path-to-secret-key].asc
Answered By: user416078

To export SOMEKEYID public key to an output file:

gpg --output public.pgp --export SOMEKEYID

When working with secret keys it’s generally preferable not to write them to files and, instead, use SSH to copy them directly between machines using only gpg and a pipe:

gpg --export-secret-key SOMEKEYID | ssh othermachine gpg --import

If you must, however, output your secret key to a file please make sure it’s encrypted. Here’s how to accomplish that using AES encryption using the Dark Otter approach:

gpg --output public.gpg --export SOMEKEYID && 
gpg --output - --export-secret-key SOMEKEYID |
    cat public.gpg - |
    gpg --armor --output keys.asc --symmetric --cipher-algo AES256

The last approach is ideal if you want to create a physical back-up of your public and private keys to safeguard against a disk failure when no other way exists to regain access to your keys.

Note: If you only have a copy of your private key but not your public key it is possible to recovery your public key by reimporting the private key, trusting it, and then re-exporting.

See Moving GPG Keys Privately for additional considerations.

Answered By: vhs
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.