For context, GPG key pairs are necessary for password managers such as
Migrating computers requires migrating the GPG key pairs or else
pass will be
unable to load or create passwords. Migrating GPG pairs requires exporting them
in the original computer and exporting them in the target computer. That is what
this tutorial shows.
How to export GPG key pairs
Export the private key
Export an existing private key. Make sure to use the
--armor flag if the
private key will be printed in the future as a backup.
gpg --export-secret-keys --armor <key-name|key-email> > <private-key-file>
Export a public key
A public key can be created now or later on. What matters is the private key, which can generate more public keys. To create the key now:
gpg --export --armor <key-name|key-email> > <public-key-file>
How to import the GPG key pair
Import the private key
You will be asked for the password.
gpg --import <private-key-file>
Export a public key if this has not been done
Generate a public key from the exported private key. Redirect the output into a file.
gpg --export --armor <key-name|key-email> > <publick-key-file>
Import the public key and change the trust level
Import the key and edit it by changing the trust level from unknown to ultimate.
gpg --import <public-key-file> gpg --edit-key <name or email> >trust >5 >save >quit
Scripts for exporting and importing key pairs
Use the following scripts to export and import key pairs like so:
# An email like email@example.com is also valid. ./export-key-pair.sh "John Doe" ./import-key-pair.sh "John Doe"
Inspect the code briefly — do not trust internet scripts blindly.