GPG, also known as GNU Privacy Guard, is a free software program that executes the OpenPGP standard for secure data encryption and digital signing. In GPG, private and public keys are utilized to encrypt and decrypt data. The GPG keys are stored in a keyring file in the home directory. Once users have generated a GPG key pair, utilize it to encrypt and sign data, such as emails or files, for secure transmission or storage.
Considering its significance, this article will demonstrate various methods to export GPG private and public keys to a file:
- How to Export a GPG Key Pair (Private/Public Keys) to a File on Linux?
- How to Import a GPG Key Pair (Private/Public Keys) to a File on Linux?
- How to Generate a GPG (Private/Public) Key Pair on Linux?
- How to Back Up/Restore GPG (Public/Private) Keys on Linux?
Prerequisite: Generate a GPG Key Pair in Linux
GPG is based on PGP which provides similar encryption and digital signature functionality. To generate a GPG private and public keys to a file (key pair), follow our article “How to Generate GPG Keys on Linux”.
How to Export a GPG Key Pair (Private/Public Keys) to a File on Linux?
A GPG private key is a secret key that encrypts data. It is kept secret by the user and not shared with others. With a GPG private key, a user can sign and decrypt messages.
On the other hand, a GPG public key is a key that is shared with others. It is distributed freely and is utilized to encrypt messages that the owner of the related private key decrypts.
To export a GPG key pair (private/public keys) to a file in Linux, use the following syntax:
Syntax of Export GPG Public Key to a File
To export the public key, use the “gpg” command with the “export” option by mentioning the key filename:
gpg --export [key-id] > public-key.asc
In the above syntax, replace [key-id] with the identifier of the key pair that users want to export. Also, the “.asc” extension indicates that they are ASCII.
Syntax of Export GPG Private Key to a File
To export the GPG private key, use the “export-secret-keys” option with the “gpg” command by specifying the private key filename:
gpg --export-secret-keys [key-id] > private-key.asc
Here, the private key is stored in the “private-key.asc” file.
The step-by-step instructions to export the GPG private and public keys on Linux are given below:
Step 1: List All GPG Private and Public Keys
Before exporting the GPG private/public key, it is a good practice to check the existing keys. To list the GPG private/public keys, use the “gpg” command and the “list-keys” utility. To do so, execute the following command:
gpg --list-keys
It displays a list of all GPG keys and their corresponding usernames/uid. In our case, the current user id (uid) is “itslinuxfoss”.
Note: Identify the “username/uid” for the GPG key pair that will be helpful to export public and private keys.
Step 2: Export a GPG Private Key to a File
To export the GPG private key to the specified file, type the “gpg” command with the “export-secret-key” option. In addition, specify the username, such as “itslinuxfoss”, and the file name as “prv.key” in the following command:
gpg --export-secret-key -a itslinuxfoss > prv.key
This command exports the GPG private key to a file called “prv.key” in the working directory.
It navigates to the new pop-up window, which can be visualized as below:
Enter the GPG passphrase (a password that users set when creating or importing a GPG key in Linux) to complete this command and hit the “OK” button.
Step 3: Verify the Exported Private Key to a File
To visualize the exported GPG private key, utilize the “cat” command by specifying the filename. In our case, the filename is “prv.key”:
cat prv.key
The output shows that the GPG private key has been exported successfully via the “cat” command in Linux.
Step 4: Export the GPG Public Key to a File
To export the GPG public key, use the “gpg” command with the “export” option by specifying the “key-id” and filename. For instance, “itslinuxfoss” and “pub.key” are specified to export the GPG public key:
gpg --export -a itslinuxfoss > pub.key
This command exports the GPG public key to a file called “pub.key” in the current directory.
Note: Users can also save the exported key to a file named “.asc” or “.txt” format.
Step 5: Verify the Exported GPG Public Key to a File
To verify the exported public key, utilize the “cat” command by specifying the file name as “pub.key” in the below command:
cat pub.key
The output shows that the GPG public key has been successfully exported to the “pub.key” file.
Bonus Tip: Export GPG Private/Public Keys (ASCII Format)
To export GPG private keys to a file in ASCII format, users can utilize the same above-mentioned command with the “a” option and specify filename:
gpg --export-secret-keys -a > secret-keys.asc
In this way, the GPG private key has been exported in ASCII format.
It pops up a new interface that requires a password at the time of GPG key creation. After inserting the key, hit the “OK” button:
Press the “OK” button to confirm the GPG key exporting process.
Users can also use the “-a” option with the “gpg” command to export GPG public keys to a file in ASCII format:
gpg --export -a > public-keys.asc
Finally, GPG private/public keys have been exported successfully.
How to Import a GPG Key Pair (Private/Public Keys) to a File on Linux?
To import the GPG private/public keys (key pair) to a file, utilize the “gpg” command with the “import” options along with the filename. If users have a GPG key pair (private/public keys) and want to import to a file, follow these instructions:
Let us import the GPG private and public keys to a file on Linux.
Import GPG Private Key
First, navigate to the directory where key files are found. Then, use the “gpg” command with the “import” option by mentioning the filename to import the private key. You may be prompted to enter the passphrase to unlock the key:
gpg --import prv.key
In this way, the GPG private key has been imported into the “prv.key” file.
Import GPG Public Key
Now, use the “gpg” command to import the GPG public key in the “pub.key” file. For instance, users may be asked to confirm the key:
gpg --import pub.key
Finally, the users can confirm that the GPG public key has been imported.
Verification
To verify GPG public keys in Linux have been imported or not, use the “gpg” command with the “list-keys” option:
gpg --list-keys
Now, you have imported and exported the GPG key pair to a file. You can use these files to backup, restore, or transfer your keys to another device.
How to Generate a GPG (Private/Public) Key Pair on Linux?
The public key is feasible and can be shared with any users, on the other hand, the private key is kept secret. To generate a (private/public) key pair in Linux command, execute the “ssh-keygen -t rsa” command. It generates an RSA key pair. Users can also specify a different algorithm, such as “ssh-keygen -t ed25519” for Ed25519 keys.
To explore in detail with step-by-step instructions, check out our guide on “Generate a Public-Private Key Pair on Linux”.
How to Back Up/Restore GPG (Public/Private) Keys on Linux?
One of the most important aspects of using GPG is to back up and restore your keys, in case you lose them or need to transfer them to another device. Here are the instructions to do that on Linux:
Backup GPG Keys (Public/Private)
To backup GPG keys to a file, use the “gpg” command with the “export-options” along with filenames. It will create backup files in the current directory. For instance, use the “public.gpg” and “private.gpg” filenames for backup:
gpg --export --export-options backup --output public.gpg # Backup Public Key
gpg --export-secret-keys --export-options backup --output private.gpg # Backup Private Key
This file contains private and public keys.
Restore GPG Keys (Public/Private)
To restore the above exported GPG keys, use the “ls” command with the “hl” option by specifying the extension as “.gpg”:
ls -hl *.gpg
It lists the private as well as public keys. Users should keep this file in a safe place, such as an external drive or a cloud storage service, and protect it with a strong passphrase.
Conclusion
To export a GPG private and public key to a file, execute the “gpg –export-secret-key -a <key_id> > private.key” and “gpg –export -a <key_id> > public.key” commands. Before it, users ensure that GPG keys have been generated that can be visualized through the “gpg –list-keys” command. Moreover, users can backup and restore GPG private and public keys to a file in Linux. This guide has illustrated the step-by-step procedure to export the GPG private and public keys to the file.
