I have successfully created GnuPG public/private key pair using RSA and RSA algorithm. How can I export a public key and private key in the form of file with the .asc extension?
Asked
Active
Viewed 2.3k times
5
-
Note: recently gpg2 came out. Some distros (debian) use exclusively this, others (ubuntu) use still the first version on gpg and the 2 on gpg2. They seem compatible with the public keys but not with the private ones. – peterh Jun 09 '17 at 14:57
1 Answers
12
Hint 1: gpg calls private keys 'secret' because PGP dates from before people settled on the names 'private' key for the half of an asymmetric pair held by (ideally) only one party versus 'secret' key for a symmetric value usually held by two or more mutually trusting parties but nobody else.
man gpg2 | less "+/export-secret" then n (go to second match) shows:
--export-secret-keys
--export-secret-subkeys
Same as --export, but exports the secret keys instead. This is
normally not very useful and a security risk. The second form
of the command has the special property to render the secret
part of the primary key useless; this is a GNU extension to
OpenPGP and other implementations can not be expected to suc-
cessfully import such a key. See the option --simple-sk-check-
sum if you want to import such an exported key with an older
OpenPGP implementation.
Hint 2: you can output to a file by just redirecting, or using (either of)
--output file
-o file
Write output to file.
However, people usually use the .asc extension for files in 'ASCII armor(ed)' format, which is base64 with dashes-BEGIN and dashes-END lines and sometimes (including here) 822/MIME-style headers. If you want not just a file named .asc, but a file in the usual .asc format, use (either of)
--armor
-a Create ASCII armored output. The default is to create the
binary OpenPGP format.
TLDR:
gpg2 --export-secret-keys -a -o file.asc [keyid ...]
dave_thompson_085
- 3,262
- 1
- 16
- 16