I recently was migrating to a fresh installation of Fedora 41, and in order to do so, moving over gpg and ssh keys, as well as my .password-store database was vital. I had a couple minutes of struggle in doing so, so I wrote this quick reference when dealing with keys in the future.
-
To obtain your key ID
gpg –list-secret-keys –keyid-format LONG
Which returns something like
/home/joshua/.gnupg/pubring.kbx
-------------------------------
sec ed25519/[your key] 2018-03-30 [SC]
ABCDEFGHIJKLMNOPQRSTUVWXYZ
uid [ unknown] joshua (KEY NAME) <user@domain>
ssb rsa4096/ABCDEFGHIJKL 2018-03-30 [E]
After “ed25519/” is your key ID.
Export the key in preparation to move it:
gpg --export -a [your key] > gpg-pub.asc
Prepare the secret key for migration (if password protected, you’ll be prompted to enter it):
gpg --export-secret-keys -a [your key] > gpg-secret.asc
Generally, this exports the keys to the home directory, if you need to find them:
ls -l gpg*.asc
Drag the key pair from the current directory to your USB stick or however else you move them.
Once on the new machine, import them:
gpg --import gpg-pub.asc
If password protected, you’ll be prompted to enter it:
gpg --import gpg-secret.asc
You’ll need to adjust the trust level for password-store:
gpg --edit-key [your key]
Trust level 5 “I trust ultimately”
If there is an issue getting the key onto the new computer do this:
rm -rf ~/.gnupg/*
mkdir -p ~/.gnupg/private-keys-v1.d
chmod 700 ~/.gnupg
chmod 700 ~/.gnupg/private-keys-v1.d
# then try importing the keys
You will now have working keys that you can read your password database, as well as generate new passwords.