How to export and import keys with GPG


To encrypt email and files, you need to know how to generate, export, and import GPG keys. For instance, you have generated a GPG key pair by using the “gpg --gen-key” command, and now you want to export your public and private keys to exchange in communication. With the help of the “gpg” command, you can easily export and import the public key and private key. However, in the case of the private key, a passphrase will be associated with the exported file, and that passphrase is needed to import that specific private key into a secret keyring.

This write-up will guide you in exporting and importing public and private keys with GPG. Moreover, a practical example will be provided to show you the procedure of exporting and importing GPG keys between two systems. So, let’s start!

Types of GPG keys

The GPG key pair comprises two types of keys: Private and Public keys. The private GPG keys are encrypted and stored in the secret keyring, and public keys are maintained with certificates attesting to their trustworthiness in the public keyring. You can use the public key for the data encryption, and that encrypted data will be decrypted using the Private key. Anyone can use your public key to encrypt the data; however, the private key will be needed to decrypt it.

Note: We have already generated two GPG keypairs for the demonstration purpose, one for “john” and the other for “fred” on two separate systems. Now, we will export john’s private and public key, then import it on the other system.

How to export public key with GPG

Before sending your public key to a correspondent, you must first export it using the gpg command. The command takes an additional argument that identifies the public key, which will be the user ID “uid” in our case. To produce the exported file in ASCII format, add the “-a” or “--armor” option to the “gpg” command.

To export a particular public key, first of all, list out the generated GPG keys on your system and select the key which you want to export. To do so, execute the below-given “GPG” command:

$ gpg --list-keys

For instance, for exporting the public key of the user “john,” we will note down its user ID “uid” from the list:

To export the public key of “john,” we will add the “--export” option in the GPG command. Here, the “-a” option is utilized for creating an ASCII representation of the public key, and the “>” redirect operator is used for redirecting the output of the gpg command to the “public.key” file:

$ gpg --export -a john > public.key

If the command completes without errors, the “public.key” file is ready to share. To check its content, execute the following “cat” command:

$ cat public.key

As you can see, the “public.key” has stored the ASCII representation of john’s public key:

How to export private key with gpg

Exporting a GPG private key is useful when you have multiple computers and want one key pair for all systems. In this situation, the “gpg” command permits you to export the private key from the system where you have generated the key pair to all other computers. Also, if you belong to a specific group and want to create a single key-pair system for all group members, you can export the private key and share it with the group members. After that, your group members can import that specific private key to their systems. This operation will establish a simplified system, where only one public key will be required for sending the encrypted files or documents to multiple recipients. Keep in mind that every holder of a shared private key can decrypt anything encrypted to that key and can sign with it, so the key is only as well protected as its least protected copy.

The “--export-secret-key” option is added in the “gpg” command for exporting the private key. To export the private key of “john” in ASCII format, we will type out the following “gpg” command:

$ gpg --export-secret-key -a john > private.key

Enter a strong passphrase for exporting the private key. The receiver will use this passphrase for importing the exported private key. For instance, in our case, the other system user will utilize this passphrase for importing the “private.key” in its Secret keyring:

After clicking the “OK” button, the “private.key” file will be generated with the associated passphrase:

You can check out the content of the “private.key” file to know if your private key is successfully converted to ASCII representation:

$ cat private.key

So far, we have created two files, “public.key” and “private.key”, that contain the ASCII representation of the public and private key of the “john” uid, respectively. Now, we will share these files with another system user so that the “newuser” can import the GPG keys to its keyrings.

How to import public key with GPG

With the gpg command, importing a public key to your keyring is as simple as exporting it. By importing the sender’s public key, you can decrypt the received encrypted files, documents, or emails.

In the previous section, we showed the procedure to export john’s “public.key”. Now, we will guide you about the procedure of importing it on another “newuser” account. Before importing the “public.key”, we will list out the keys present in the keyring:

$ gpg --list-keys

Currently, “newuser” has only the GPG keypair for “fred” uid, which can be seen in the following output:

Now, to import john’s “public.key”, we will execute the “gpg” command with the “--import” option:

$ gpg --import public.key

The below-given output shows that the public key of “john” is imported successfully:

For the confirmation of the specified operation, we will list out the “newuser” Public keyring:

$ gpg --list-public-keys

John’s public key is imported successfully, which can be seen in the below-given image:
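A check worth running before the “gpg --import public.key” step above is to compare the fingerprint of the received file with one obtained from john over a separate channel. The following is an added example, not part of the original article: the function names and the sample listing are constructed for illustration, and “gpg --show-keys” requires a current GnuPG 2.2 or later release.

```shell
#!/usr/bin/env bash
# Added example: compare a key file's fingerprint with an expected value
# before importing it. All function names here are hypothetical helpers.

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# The "fpr" record following "pub"/"sec" holds the primary fingerprint in
# field 10; "fpr" records following "sub"/"ssb" belong to subkeys.
primary_fprs() {
  awk -F: '
    $1 == "pub" || $1 == "sec" { want = 1; next }
    $1 == "sub" || $1 == "ssb" { want = 0; next }
    $1 == "fpr" && want        { print $10; want = 0 }
  '
}

# Normalise a human-readable fingerprint: strip whitespace, uppercase hex.
norm_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# Succeed only if the listing on stdin contains exactly one primary key
# whose fingerprint equals the expected one ($1).
fpr_matches() {
  local expected got
  expected=$(norm_fpr "$1")
  got=$(primary_fprs)
  [ -n "$got" ] && [ "$got" = "$expected" ]
}

# Import a key file only when its fingerprint matches.
# usage: safe_import public.key "<fingerprint confirmed out of band>"
safe_import() {
  gpg --show-keys --with-colons "$1" | fpr_matches "$2" || {
    echo "fingerprint mismatch, not importing $1" >&2
    return 1
  }
  gpg --import "$1"
}

# Constructed sample of colon-format output (not a real key).
SAMPLE_LISTING='pub:-:255:22:1111222233334444:1700000000:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1700000000::::john <john@example.com>::::::::::0:
sub:-:255:18:5555666677778888:1700000000::::::e::::::23:
fpr:::::::::0000999988887777666655554444333322221111:'
```

Matching on the full fingerprint rather than on the uid matters because anyone can create a key with the uid “john”.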

How to import private key with GPG

The following GPG command will help us to import the “private.key” of “john” to the Secret keyring of the “newuser”:

$ gpg --import private.key

You will be asked to enter the passphrase used while exporting john’s private.key. After typing out that passphrase, click on the “OK” button:

The output will let you know that the secret key is imported:

For the verification purpose, you can also list out the private keys which are present in the Secret keyring:

$ gpg --list-secret-keys

Now, check out john’s secret key in the below-given output:

Conclusion

To communicate with each other using the GPG key cryptography technique, the intended recipients must have a copy of your GPG keys. In such a case, you can export your GPG keypair and share it with the correspondents, and then they can import it to their keyring using the GPG command. After that, you can send the encrypted files, documents, or emails, and the particular receiver will decrypt them easily. This write-up showed you how to export and import keys using GPG. Moreover, a practical example was provided to demonstrate the procedure of exporting and importing GPG keys between two systems.

About the author

Sharqa Hameed

I am a Linux enthusiast, and I love to read every Linux blog on the internet. I hold a master’s degree in computer science and am passionate about learning and teaching.