Motivation
I migrated my GnuPG secret keys when setting up a new PC, so here’s a memo for future reference.
Export
# Check the secret key to export
gpg --with-keygrip --list-secret-keys --keyid-format long
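# Export the secret key (the output file contains your private key material:
# move it over a trusted channel and delete it once the import is verified)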
gpg --armor --export-secret-keys --output "${SECRET_KEY_ID}.secret.gpg" "${SECRET_KEY_ID}"
# Check the public key to export
gpg --with-keygrip --list-keys --keyid-format long
# Export the public key
gpg --armor --export --output "${KEY_ID}.gpg" "${KEY_ID}"
Import
# Import the secret key
gpg --import "${SECRET_KEY_ID}.secret.gpg"
# Trust the imported secret key
gpg --edit-key "${SECRET_KEY_ID}"
# Trust
# gpg> trust
# Select trust level
# 5 (ultimate trust)
# Save and exit
# gpg> save
# Verify the import was successful
gpg --with-keygrip --list-secret-keys --keyid-format long
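The verification step above can also be done mechanically. The following is an added example, not part of the original memo: it compares the machine-readable secret key listing from the old machine with the one from the new machine and flags keys that are missing or not yet ultimately trusted. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample listings in the format printed by
#   gpg --with-colons --with-fingerprint --list-secret-keys
# (key IDs and fingerprints are made up).
OLD='sec:u:4096:1:1111111111111111:1700000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
ssb:u:4096:1:2222222222222222:1700000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:'
# Same key right after "gpg --import": ownertrust (field 9) is still "-".
NEW_FRESH='sec:-:4096:1:1111111111111111:1700000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
ssb:-:4096:1:2222222222222222:1700000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:'

# Print "FINGERPRINT OWNERTRUST" for each primary secret key in a listing.
# A "sec" record carries ownertrust in field 9; the first "fpr" record
# after it carries the primary fingerprint in field 10. Subkey (ssb)
# fingerprints are skipped.
secret_keys() {
    printf '%s\n' "$1" | awk -F: '
        $1 == "sec" { trust = ($9 == "" ? "-" : $9); want = 1; next }
        $1 == "fpr" && want { print $10, trust; want = 0 }'
}

# Compare the old machine's listing ($1) with the new machine's ($2).
# Returns 0 only if every old key is present and has ownertrust "u".
check_migration() {
    status=0
    for fpr in $(secret_keys "$1" | cut -d' ' -f1); do
        trust=$(secret_keys "$2" | awk -v f="$fpr" '$1 == f { print $2 }')
        if [ -z "$trust" ]; then
            echo "MISSING $fpr"; status=1
        elif [ "$trust" != "u" ]; then
            echo "UNTRUSTED $fpr ownertrust=$trust"; status=1
        else
            echo "OK $fpr"
        fi
    done
    return "$status"
}

# Demo on the constructed samples: reports the key as not yet trusted.
check_migration "$OLD" "$NEW_FRESH" || true
```

With real data, save the colon listing to a file on each machine and pass the contents, for example `check_migration "$(cat old.txt)" "$(cat new.txt)"`.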
Creating a New Key from Scratch
# Create a new key
gpg --expert --full-generate-key
If You Get gpg: decryption failed: No such file or directory
This happens when GPG_TTY is not set, so pinentry has no terminal on which to ask for the passphrase. Set it in your shell:
export GPG_TTY=$(tty)