Will Clarke

How to share private GPG keys securely

2022-01-05

GPG, short for GNU Privacy Guard, is a free cryptographic software suite. Lots of important software relies on it.

Personally, I use pass, “the standard unix password manager” to manage my passwords and it works a treat. Under the hood, pass uses gpg. This lets me use my terminal as a password manager.

There’s a great Android app which implements the same pass “spec”. This app relies on openkeychain for GPG-key management. In their FAQs, they elegantly sum up how best to transfer your private key:

generate a strong random password

gpg --armor --gen-random 1 20

encrypt key, use password above when asked

gpg --armor --export-secret-keys YOUREMAILADDRESS | gpg --armor --symmetric --output mykey.sec.asc

on the receiving computer

gpg --decrypt mykey.sec.asc | gpg --import

These steps will encrypt your secret keys symmetrically with a secure & one-time random password.
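Before doing this with a real key, the three steps can be rehearsed end to end with a throwaway key. The script below is an added example, not part of the openkeychain FAQ: it assumes GnuPG 2.1 or later, and the address demo@example.invalid, the scratch directories and the password file used for batch mode are all constructed for the rehearsal.

```shell
#!/bin/sh
# Added example: rehearse export -> symmetric encrypt -> import with a throwaway
# key in two scratch keyrings, then check that the fingerprint survived the trip.
# demo@example.invalid and every path here are constructed for the rehearsal.
# Usage: roundtrip_check && echo "round trip OK"

roundtrip_check() (
    umask 077
    work=$(mktemp -d) || exit 1
    src="$work/src"; dst="$work/dst"
    mkdir -m 700 "$src" "$dst" || exit 1
    # On exit: stop the scratch agents and delete keys, password and transfer file.
    trap 'gpgconf --homedir "$src" --kill gpg-agent 2>/dev/null
          gpgconf --homedir "$dst" --kill gpg-agent 2>/dev/null
          rm -rf "$work"' EXIT
    g="gpg --batch --quiet --pinentry-mode loopback"

    # Throwaway, unprotected key standing in for YOUREMAILADDRESS.
    $g --homedir "$src" --passphrase '' \
       --quick-generate-key demo@example.invalid default default never 2>/dev/null || exit 1

    # Step 1: one-time random password (written to a 0600 file for batch use).
    $g --homedir "$src" --armor --gen-random 1 20 > "$work/pw" || exit 1

    # Step 2: export the secret key and encrypt it symmetrically.
    $g --homedir "$src" --passphrase '' --armor --export-secret-keys demo@example.invalid |
        $g --homedir "$src" --passphrase-file "$work/pw" --armor --symmetric \
           --output "$work/mykey.sec.asc" || exit 1

    # The file that leaves the machine must be an encrypted message,
    # not a bare "PGP PRIVATE KEY BLOCK".
    [ "$(head -n 1 "$work/mykey.sec.asc")" = "-----BEGIN PGP MESSAGE-----" ] || exit 1

    # Step 3: the "receiving computer" is the second scratch keyring.
    $g --homedir "$dst" --passphrase-file "$work/pw" --decrypt "$work/mykey.sec.asc" 2>/dev/null |
        $g --homedir "$dst" --import 2>/dev/null || exit 1

    # Primary-key fingerprint as seen by each keyring.
    fpr() {
        $g --homedir "$1" --with-colons --list-secret-keys |
            awk -F: '$1 == "fpr" { print $10; exit }'
    }
    a=$(fpr "$src"); b=$(fpr "$dst")
    [ -n "$a" ] && [ "$a" = "$b" ] || exit 1
    echo "$a"   # fingerprint that arrived intact
)
```

For the real transfer, run gpg --fingerprint YOUREMAILADDRESS on both machines and compare the output, then delete mykey.sec.asc from both once the import has succeeded.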

I’ve used magic-wormhole in the past to transfer sensitive information from computer to computer. It’s worked really well. If you’re paranoid about your keys (and it may be worth being paranoid…), I’d look into using magic-wormhole to move your encrypted private GPG keys around. It’s really easy. Literally wormhole send mykey.sec.asc.

