Second Serie | Part 12 : Export and import public and private keys
It has been some time since I have not written here. Let’s come back.
You know why you should protect your communications and the basics of it.
You have also:
- Part 8 : Sign files
- Part 9 : Encrypt files
- Part 10 : GPG Conf’
- Part 11 : Some details about keys and maths
- Part 12 : Export and import public and private keys
- Part 13 : Various security aspects
- Part 14 : Publish a signing policy
- Part 15 : Using gpg in command line
- Part 16 : Going to a gpg signing party
If you wish to read and write mails on several devices, you have to export your private keys on them. Here we go.
Export keys, …
… the private ones.
As I told you in the previous article, when you export a key, you actually write it (very large numbers, which algorithms to use and their parameters) on a virtual sheet of paper.
So, the key exists now as a text file, with .gpg or .asc extension, depending on your gpg conf'.
You can then use your key on several devices, for example more than one computer. You first have to export the private key from the computer where you created it, then import on all devices you wish to use it on. To transport the key between the devices, you can use a usb stick, a network share or anything else.
Export your private key allows anyone who would get their hands on to read your crypted mails and sign something on your behalf. It can be positive (I think of your spouse, secretary or a trusted person), but it is much more probable that it will be negative.
Thus, if you export your private key, you ought to protect it by a passphrase. You should also protect its support (if a usb stick for example). If you export your key on a smartphone or a computer, I assume you have taken the precaution to set a password, a PIN code or another protection mesure. But a usb stick is not protected. Therefore it is the gpg key that should be protected there.
Kgpg
First select the private key to export. Right click > export the private key.
As it is expected, the computer tells you about the safety of your key, in a sligthly intimidating way.
Clik on Next. A typical files dialog box shows up and asks you where to export the key and what name to give the file itself. That’s all.
Kleopathra
Same procedure as Kgpg: select the key, right click > Export private keys…, set the filename. You should also select the ASCII armor option just below the filename field.
Enigmail
Enigmail exports private and public keys with the same process.
In the keys manager, select the key you wish to export. Then, either:
- File > Export the key in a file
- right click > Export the key in a file
A dialog box will ask you if you want to have the private key with or not, and where to save the key.
… the public ones
Export your public key as a file is, as a general rule, really easy.
You might have a lot more public keys than private ones. You have first this tutoriel’s key and those of your pals.
The public key is yours or not does not matter, the process stays the same.
Kgpg
Select the public key you wish to export.
You can then, either do a right click on it and select Export the public key. Or you can use the Export the public key option at the top of the application window.
You will see a dialog box with several possibilities including email, servers and file, with a field for a complete filename (with the path).
You just have to use the correct option, give a good name to the file, and it’s alright.
Kleopathra
Select the key you wish to export. Then, either:
- File > Export certificates
- Right click > Export certificates
- Use the button Export certificates on the top of the window.
A dialog box will appear asking you were to put the file.
Enigmail
As said before, it is the same operation for exporting public or private key with Enigmail.
In the keys manager, select the key you wish to export. Then either:
- File > Export the key as a file
- Right click > Export the key as a file
A dialog box will appear asking you were to put the file.
Import keys
Import keys is always the same operation, no matter they are private or public.
There is some chance you can import them simply by « openning » the file itself. So, by selecting it with the usual double click, or a right click and then open with… and the software you wish to use.
Kgpg
Either use the button Import a key at the top of the window, or use the menu Keys just under, then Import a key in the bottom of the options list.
Kleopathra
You have to use the button at the top right Import certificates. This will open a dialog box to search and select the file containing your key.
Enigmail
In the keys manager, you have to use File > Import a key from a file.