Kensuke Kousaka's Blog

Notes for Developing Software, Service.

Log for migrating GnuPG environment to new server

This post describes how to migrate a GnuPG environment to a new server.

First, run the following commands on the new server.

$ mkdir ~/.gnupg
$ chmod 700 ~/.gnupg
$ cp /usr/share/gnupg/gpg-conf.skel ~/.gnupg/gpg.conf

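Append the following lines to ~/.gnupg/gpg.conf. Note that no-permission-warning suppresses gpg's warning about unsafe file and home directory permissions, and lock-never disables file locking entirely, which is only safe when a single process accesses the keyring files.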

display-charset utf-8
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES
use-agent
no-permission-warning
lock-never

Create ~/.gnupg/gpg-agent.conf and add the following line.

pinentry-program /usr/bin/pinentry-curses

Change the permissions of the newly created files.

$ chmod 600 ~/.gnupg/gpg.conf
$ chmod 600 ~/.gnupg/gpg-agent.conf

Comment out the following line in /etc/pacman.conf.

GPGDir = /etc/pacman.d/gnupg/

Export the key files on the old server by running the following commands.

$ gpg -o pub.key --export hoge@foo.bar
$ gpg -o sec.key --export-secret-key hoge@foo.bar
$ gpg --export-ownertrust > hogetrust

After exporting the key files, transfer them to the new server in a secure way (e.g. scp).

After transferring the key files, run the following commands to import them.

$ gpg --import pub.key
$ gpg --import --allow-secret-key-import sec.key
$ gpg --import-ownertrust hogetrust
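
Since this gpg.conf sets no-permission-warning, gpg itself will not complain if the modes set with chmod above are later loosened. The script below is an added example, not part of the original post: it checks the 700/600 modes and the owner of the GnuPG home directory. The function names are hypothetical and it assumes GNU stat (coreutils), as on Arch Linux.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (coreutils).

# check_mode PATH EXPECTED: succeed only if PATH exists with exactly that octal mode.
check_mode() {
    actual=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    if [ "$actual" != "$2" ]; then
        echo "MODE    $1 is $actual, expected $2"
        return 1
    fi
}

# audit_gnupg_home [DIR]: verify the modes set in the steps above and the owner.
# Returns 0 when everything matches, 1 otherwise.
audit_gnupg_home() {
    dir=${1:-$HOME/.gnupg}
    failures=0
    check_mode "$dir" 700 || failures=$((failures + 1))
    for name in gpg.conf gpg-agent.conf; do
        check_mode "$dir/$name" 600 || failures=$((failures + 1))
    done
    # The directory must belong to the user who runs gpg.
    owner=$(stat -c '%u' "$dir" 2>/dev/null) || owner=missing
    if [ "$owner" != "$(id -u)" ]; then
        echo "OWNER   $dir is owned by uid $owner, not $(id -u)"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ]
}

# Demo on a constructed directory (no real keys involved).
demo=$(mktemp -d)
mkdir "$demo/gnupg"
: > "$demo/gnupg/gpg.conf"
: > "$demo/gnupg/gpg-agent.conf"
chmod 755 "$demo/gnupg"            # deliberately too open
chmod 600 "$demo/gnupg/gpg.conf" "$demo/gnupg/gpg-agent.conf"
audit_gnupg_home "$demo/gnupg" || echo "audit: problems found"
chmod 700 "$demo/gnupg"            # the mode the post sets
audit_gnupg_home "$demo/gnupg" && echo "audit: ok"
rm -rf "$demo"
```

On the migrated server, call audit_gnupg_home with no argument to check ~/.gnupg, for example after restoring files from a backup.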