[Durham] GPG with multiple devices

Oliver Burnett-Hall olly at burnett-hall.co.uk
Mon Aug 25 12:15:56 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 21 Aug 2014 23:14:03 +0100
mark <mark at aktivix.org> wrote:
> On 20/08/14 22:26, Oliver Burnett-Hall wrote:
> > 7. Somehow (I'm not exactly sure how this step is done) export/copy
> > to each device the single encryption subkey and the signing subkey
> > for that device.
> 
> On the machine you've generated your subkeys on, find the ID of your
> secret subkey:
> 
> > gpg --list-secret-keys
> 
> Then, export the subkey you want to move to (say) your phone as an
> ASCII-armoured file, using
> 
> > gpg --armor --export-secret-subkeys YOURSUBKEYID! > subkey.asc
> 
> Then, move the resulting file to the phone out-of-band, e.g. by
> mounting the storage directly to your workstation and writing it
> across. Do not, for obvious reasons, use anything like dropbox to
> move it between devices.
> 
> Then on your phone, import it:
> 
> > gpg --allow-secret-key-import --import subkey.asc

Thanks, that has worked (at least I hope it has; this message should
be signed by a key ID 6A77F4DE58012FF9). I'd seen the
- --export-secret-subkeys option in the gpg manpage, but was put off by
the scary warning (and it didn't mention the SUBKEYID! syntax to
specify which subkeys to export).

[snip]

> Yes, people need to keep their public keyring synced in order to pick
> up your revocation.

A very small amount of digging has revealed the --refresh-keys option
for gpg. I guess that it would be a good idea to set up a cron job to
run this every week or even every day, ensuring that you catch any key
updates.

> What do you think about setting up a cryptoparty? We could go through
> this stuff together and sign each other's keys if we set aside a few
> hours. Maybe somewhere a bit quieter than the rowing club, with a
> projector? Can anyone borrow a room like that at the Uni for an
> afternoon or evening?

I was going to suggest a keysigning session. If there's enough interest
for a full cryptoparty then I'd be up for that.

- - olly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
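
A check one could run on the phone after the import described in the thread above, to confirm that only the intended subkeys arrived and the primary secret key did not. This is an added example, not part of the original message. It assumes the GnuPG 2.1+ `--with-colons` format, where field 15 of `sec`/`ssb` records is `#` for a stub, `+` for present secret material, or a token serial number; the function names and key IDs are hypothetical.

```python
# Added example: audit which secret keys a device actually holds.
# Input is the text printed by: gpg --list-secret-keys --with-colons
# Assumption: GnuPG 2.1+ colon format (field 15 = '#', '+' or token serial).

# Constructed sample listing; the key IDs are placeholders, not real keys.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1408000000:::u:::scESC:::#:::23::0:
uid:u::::1408000000::::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1408000000::::::e:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1408000000::::::s:::+:::23:
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1408000000::::::s:::#:::23:
"""

def parse_secret_listing(colon_listing):
    """Return one dict per sec/ssb record: type, keyid, caps, state."""
    records = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue  # uid, fpr, grp and malformed lines are not key records
        token = f[14]  # field 15 (1-indexed)
        if token == "#":
            state = "stub"       # public part known, no secret material here
        elif token == "+":
            state = "present"    # secret material stored on this device
        elif token:
            state = "on-token"   # secret lives on a smartcard with this serial
        else:
            state = "unknown"    # older gpg: field not populated
        records.append({"type": f[0], "keyid": f[4], "caps": f[11], "state": state})
    return records

def device_problems(records, expected_subkeys):
    """List deviations from 'stub primary plus exactly the expected subkeys'."""
    problems = []
    held = set()
    for r in records:
        if r["type"] == "sec" and r["state"] != "stub":
            problems.append("primary %s is not a stub (%s)" % (r["keyid"], r["state"]))
        if r["type"] == "ssb" and r["state"] != "stub":
            held.add(r["keyid"])
            if r["keyid"] not in expected_subkeys:
                problems.append("unexpected secret subkey %s [%s]" % (r["keyid"], r["caps"]))
    for keyid in sorted(set(expected_subkeys) - held):
        problems.append("expected subkey %s has no secret material" % keyid)
    return problems

if __name__ == "__main__":
    for p in device_problems(parse_secret_listing(SAMPLE),
                             {"BBBBBBBBBBBBBBBB", "CCCCCCCCCCCCCCCC"}):
        print(p)
```

An empty result means the device holds a stub primary plus exactly the listed subkeys; a state of `unknown` is reported as a problem for the primary because the absence of the secret key could not be confirmed.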

