[Durham] GPG with multiple devices
olly at burnett-hall.co.uk
Mon Aug 25 12:15:56 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 21 Aug 2014 23:14:03 +0100
mark <mark at aktivix.org> wrote:
> On 20/08/14 22:26, Oliver Burnett-Hall wrote:
> > 7. Somehow (I'm not exactly sure how this step is done) export/copy
> > to each device the single encryption subkey and the signing subkey
> > for that device.
> On the machine you've generated your subkeys on, find the ID of your
> secret subkey:
> > gpg --list-secret-keys
> Then, export the subkey you want to move to (say) your phone as an
> ascii-armoured file, using
> > gpg --export-secret-subkeys YOURSUBKEYID!
> Then, move the resulting file to the phone out-of-band, eg. by
> mounting the storage directly to your workstation and writing it
> accross. Do not, for obvious reasons, use anything like dropbox to
> move it between devices
> Then on your phone, import it:
> > gpg --allow-secret-key-import --import subkey.asc
Thanks, that has worked (at least I hope it has; this message should
be signed by a key ID 6A77F4DE58012FF9). I'd seen the
- --export-secret-subkeys option in the gpg manpage, but was put off by
the scary warning (and it didn't mention the SUBKEYID! syntax to
specify which subkeys to export).
> Yes, people need to keep their public keyring synced in order to pick
> up your revocation.
A very small amount of digging has revealed the --refresh-keys option
for gpg. I guess that it would be a good idea to set up a cron job to
run this every week or even every day, ensuring that you catch any key
> What do you think about setting up a cryptoparty? We could go through
> this stuff together and sign each others keys if we set aside a few
> hours. Maybe somewhere a bit quiter than the rowing club, with a
> projector? Can anyone borrow a room like that at the Uni for an
> afternoon or evening?
I was going to suggest a keysigning session. If there's enough interest
for a full cryptoparty then I'd be up for that.
- - olly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the Durham