Skip to content

Instantly share code, notes, and snippets.

@elliotwutingfeng

elliotwutingfeng/GPG_credentials_Manjaro.md

Created January 6, 2024 02:17
Show Gist options
  • Save elliotwutingfeng/c3797c9e59a09946c053620a36a8cd75 to your computer and use it in GitHub Desktop.
Save elliotwutingfeng/c3797c9e59a09946c053620a36a8cd75 to your computer and use it in GitHub Desktop.
Download ZIP
Retrieving GPG credentials from old Manjaro installation
Raw
GPG_credentials_Manjaro.md

Retrieving GPG credentials from old Manjaro installation

So it was time for a clean install on a larger SSD as my old system became completely unbootable (persistent initramfs uncompression error 😧).

However, I did not back up my GPG credentials 🤦.

I learned that retrieving them from the old system drive via chroot was technically possible but not a straightforward process.

Chroot as a regular user

  • Login to new Manjaro OS, run yay -S manjaro-tools-base.

  • Put old Manjaro OS drive in external enclosure, plug it in.

  • Chroot into old Manjaro OS drive and within it, login as regular user.

    sudo manjaro-chroot -a
su - username42 # where `username42` is your regular username

  • You should now be in /home/username42/ on the old drive.

Exporting the public key and encrypted private keys

The following steps are based on https://www.howtogeek.com/816878/how-to-back-up-and-restore-gpg-keys-on-linux.

  • Run gpg --list-secret-keys --keyid-format LONG, you should see your GPG key pair.

  • Run gpg --export --export-options backup --output public.gpg, then exit the chroot environment and close the terminal.

Note: Apparently exporting secret keys to a private.gpg does not work from a chroot environment, even as a regular user. Error was error receiving key from agent: Inappropriate ioctl for device - skipped, anyone know how to overcome this?

Importing the public key and encrypted private keys

  • On your main machine, copy public.gpg from the old drive to your new drive.

  • Also copy the encrypted private key files (*.key) from private-keys-v1.d from old drive's ~/.gnupg to new drive's ~/.gnupg folder.

  • On the new machine, run gpg --import public.gpg

  • Your GPG credentials should now be ready to use on your new machine.

Backing up your GPG credentials for easy restoration

To avoid this messy situation, always back up your GPG credentials on your existing system when it is still healthy and accessible.

gpg --export --export-options backup --output public.gpg
gpg --export-secret-keys --export-options backup --output private.gpg
gpg --export-ownertrust >> trust.gpg

Copy these 3 files public.gpg private.gpg trust.gpg to somewhere safe (like an external drive or NAS).

You can import them on a new machine by running

gpg --import public.gpg
gpg --import private.gpg # Prompts you to type the passphrase that you used when you first created the GPG key.
gpg --import-ownertrust trust.gpg

If you need to sign commits using your existing GPG key on your new machine, see https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment