32a67684cc4c5fccf053a7055fa3020783d55a71
Tech/GnuPGKeyManagement.md
| ... | ... | @@ -545,17 +545,6 @@ Example: Agent A leaves role R, Agent B takes over role R |
| 545 | 545 | |
| 546 | 546 | |
| 547 | 547 | |
| 548 | -* export public key $MASTER_KEY |
|
| 549 | -* export-secret-subkeys $SIGNING\_SUBKEY\_ID |
|
| 550 | - |
|
| 551 | -``` |
|
| 552 | -# export public key, secret sub encrypt, secret sub sign |
|
| 553 | -gpg -a --export $MASTER_KEY_ID > master.pub |
|
| 554 | -gpg -a --export-secret-subkeys $SIGNING_SUBKEY_ID > subsign.sec |
|
| 555 | -``` |
|
| 556 | - |
|
| 557 | - |
|
| 558 | - |
|
| 559 | 548 | ## Transcript |
| 560 | 549 | |
| 561 | 550 | $ gpg --edit-key $MASTER_KEY_ID |
| ... | ... | @@ -625,6 +614,24 @@ gpg -a --export-secret-subkeys $SIGNING_SUBKEY_ID > subsign.sec |
| 625 | 614 | $ |
| 626 | 615 | |
| 627 | 616 | |
| 617 | +## Exporting stripped keys |
|
| 618 | +Export only one subkey (e.g. to a mobile device). |
|
| 619 | + |
|
| 620 | +* export public key $MASTER\_KEY |
|
| 621 | +* export-secret-subkeys $SIGNING\_SUBKEY\_ID |
|
| 622 | + |
|
| 623 | +``` |
|
| 624 | +# export public key, secret sub encrypt as a file |
|
| 625 | +gpg -a --export $MASTER_KEY_ID > master.pub |
|
| 626 | + |
|
| 627 | +# export enc subkey as a file encrypted with an OTP |
|
| 628 | +gpg -a --export-secret-subkeys $SIGNING_SUBKEY_ID | gpg --armor --symmetric --output encryption-subkey.asc |
|
| 629 | +``` |
|
| 630 | + |
|
| 631 | +* transfer to device |
|
| 632 | +* decrypt and import |
|
| 633 | + * OpenKeychain for Android supports this |
|
| 634 | + |
|
| 628 | 635 | |
| 629 | 636 | |
| 630 | 637 | # Links |