this post was submitted on 01 Feb 2024

20 points (88.5% liked)

Privacy

31224 readers

967 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

Struggling with GnuPG private keys (lemmy.ml)

submitted 7 months ago by feoh@lemmy.ml to c/privacy@lemmy.ml

9 comments fedilink hide all child comments

So, years ago I tried PGP/GPG and put my key up on the public keyservers.

And then promptly lost the private key data. Lather, rinse, repeat, and now there are like 5 old GPG/PGP identities for me up there that are gone forever and can't be revoked.

So, it's 2024, and I think "I have a NAS I do regular backups and test restores on. Surely I can keep my private key data safe and secure now".

So I get GPG going, create my keys, and then, not knowing any better? copy my entire $HOME/.gnupg directory to my NAS.

The goal here is for me to be able to use the same private key across all the machines I use. There are several.

But when I copy down that directory, GPG refuses to "see" it. gpg --list-secret-keys prints - Nothing.

Is there a better way to keep my key in sync across all my machines? I'd rather not use keybase if possible, they give me the willies after tainting themselves with cryptocurrency and being bought.
Assuming there isn't, what am I doing wrong with my ~/.gnupg directory?

Thanks in advance!

top 9 comments

sorted by: hot top controversial new old

[–] ono@lemmy.ca 12 points 7 months ago (1 children)

Not really an answer to your question, but just to make you aware of some options:

Have you considered using subkeys for each of your machines, signing things with those, and keeping their master key someplace safe? That would limit your exposure if one of those machines is compromised, since you could revoke only that machine's key while the others remain useful (and the signatures they have issued remain valid).

Are you setting expiration dates on your keys? That can bring some peace of mind when you lose your key/revocation data.

[–] feoh@lemmy.ml 1 points 7 months ago

Interesting food for thought here, but you're talking about making the keys more secure.

These keys are ONLY used to store E-mail credentials, so "Good enough" is plenty :) I'll work on successfully retaining and managing my single key first, and then we can work on flying around the room :)

But thanks!

[–] Trainguyrom@reddthat.com 4 points 7 months ago

As a first guess like you might have a permission issue at play. Can you cat the private key on the machine that you're not seeing it in gpg --list-secret-keys prints

[–] taladar@sh.itjust.works 4 points 7 months ago

GPG uses some sockets in .gnupg for communication with the GPG agent and in general between components. It might be possible that that doesn't work with your NAS network filesystem.

[–] lemmyuser30@lemmy.ml 3 points 7 months ago (1 children)

Why not just export the secret key to the NAS and then import it on whatever device needs it? No reason to copy and paste the whole directory to each machine.

[–] feoh@lemmy.ml 1 points 7 months ago

Yup that's the solution I went with in the end analysis. Just use the exported text file copies of my keys and I'm good to go :)

[–] Lemmchen@feddit.de 3 points 7 months ago (1 children)

https://unix.stackexchange.com/questions/481939/how-to-export-a-gpg-private-key-and-public-key-to-a-file

Does this help?

[–] feoh@lemmy.ml 3 points 7 months ago (1 children)

Hey I just want to thank you for this. It did indeed do exactly what I wanted! I think in the past when I'd tried to export my secret key I musn't have used the right parameters because I could never import it, but when I follow this guide I can!

So now I can just store plaintext private and public keys on my private NAS and import them on any machine where they're needed and I'm good to go!

[–] Tangent5280@lemmy.world 2 points 7 months ago

Good old internet anonymous tech support. Love to see it.