Ubuntu – How to import a private key into GPG so that it becomes the default key

gnupg

I'm trying to share a GnuPG key pair by importing it into each machine. This is how I'm doing it:

gpg --allow-secret-key-import --import secret.gpg.key
gpg --import public.gpg.key

The keys have been exported with -a.

After doing this, the public key is shown correctly when I do a gpg --list-keys, but the private key isn't (gpg --list-secret-keys).

What am I doing wrong?

By the way: I'm doing this with Puppet, so any solution that doesn't require me to type stuff in (--edit-key and the like) would be appreciated.

Best Answer

To change the GnuPG behaviour on what key it selects on signing/encryption, use the default-key configuration parameter with the key ID as the value.

So, for example, with

$ gpg --list-secret-keys 
/home/gert/.gnupg/secring.gpg
-----------------------------
sec   4096R/13371337 2011-01-01 [expires: 2014-01-01]
uid                  Gert van Dijk (1st key) <name@example.tld>
ssb   4096R/31337313 2011-01-01

sec   4096R/12345678 2013-04-23 [expires: 2014-01-01]
uid                  Gert van Dijk (2nd key) <name@example.tld>
ssb   4096R/87654321 2013-04-23

add a line in ~/.gnupg/gpg.conf:

default-key 12345678

or, alternatively, use the long key ID (recommended as short key IDs can have collisions):

$ gpg --list-secret-keys --with-colon
sec::4096:1:ABCDEFAB12345678:2013-01-01:2014-01-01:::Gert van Dijk (2nd key) <user@example.tld>:::

and add a line in ~/.gnupg/gpg.conf:

default-key ABCDEFAB12345678

Related Solutions

Ubuntu – How to verify if a exported gpg key is a public or a private one

Run on the command line:

gpg the-keyfile

With the-keyfile being the .asc (armored) or .pgp (binary) file. The output will either start with sec (secret available) or pub (public key only). This is a successful export of a secret key:

sec  [more key details]
ssb  [more subkey details]

And this for a public key:

pub  [more key details]
sub  [more subkey details]

Note that exporting the secret key also implies the public key (one can derive the public from the secret).

Ubuntu – How to share the public OpenPGP key using GnuPG

From the command line:

Run gpg --list-keys 'your name' to list the keys you currently have (replacing your name with the name you have while setting up):

$ gpg --list-keys muru      
/home/muru/.gnupg/pubring.gpg
--------------------------------
pub   2048R/AD0CC9B4 2015-07-15
uid                  muru
sub   2048R/450DAD90 2015-07-15

Note the fingerprint of the key you want to export. The fingerprint of my public key is AD0CC9B4. To export it, I'll do gpg --export (-a is for ASCII armour, so that the key is in the usual base64-encoded form):

$ gpg -a --export AD0CC9B4
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQENBFWm4zkBCADYo5ffanvwBVGMbfp3g+/RMYb41QRZXCGSUhZkU7m3BpPSoO/4
NBzD4KKAU6CTVzBmVmZoFGgK2dDIOv+ZCkB4USZM2cvvpu7I+jfaYZW7ouQ4uEYu
8xY8ugFn5ImsK4KN0OP+Iw1VBXLdvj/rEiV+gcH8QV0XhsfgczCxjS1dMV3AMD+h
# snip
Wo0X3XmrPpaHJf7MsjGmJGbHNX9ZLllyFWQPlNdu9ilLI9GMjSpJSqQ=
=l/Xm
-----END PGP PUBLIC KEY BLOCK-----

You can redirect the output to a file:

gpg -a --export AD0CC9B4 > my-pubkey.asc

Then my-pubkey.asc should contain your ASCII-armoured public key.

The corresponding private key can be exported with:

gpg -a --export-secret-keys AD0CC9B4

The output of this command will begin with

-----BEGIN PGP PRIVATE KEY BLOCK-----

Best Answer

Related Solutions

Ubuntu – How to verify if a exported gpg key is a public or a private one

Ubuntu – How to share the public OpenPGP key using GnuPG

Related Question