Como fazer a correta transferência por cmd. alinhar chaves PGP em um novo computador [por exemplo, Tecla OpenPGP do Launchpad]

2

Eu gostaria de usar minha chave PGP do Launchpad para acessar meus PPAs do Launchpad em 2 computadores. Para fazer isso eu preciso transferir a chave para o outro computador Ubuntu. Eu encontrei muito pouco suporte em sites específicos do Ubuntu até agora.

Aqui está o que eu fiz no original computer :

$ gpg2 --fingerprint
/home/ubuntu-xenial/user/.gnupg/pubring.kbx
--------------------------------------------
pub   rsa2048/245FD525 2016-12-16 [SC]
      Key fingerprint = C64F 728F BF5D C5CE 357B  D1AE FC8F 1C1C 245F D525
uid         [ unknown] my_name <my_e-mail>
sub   rsa2048/4D0AABD3 2016-12-16 [E]

$ 
$ gpg2 --list-secret-keys
/home/ubuntu-xenial/user/.gnupg/pubring.kbx
--------------------------------------------
sec   rsa2048/245FD525 2016-12-16 [SC]
uid         [ unknown] my_name <my_e-mail>
ssb   rsa2048/4D0AABD3 2016-12-16 [E]

$ 
$ gpg2 --export -a 245FD525 > Launchpad-GPG-Public-Key.asc
$ gpg2 --export -a 245FD525 > Launchpad-GPG-Private-Key.asc
---> Enter secret passphrase
$ 

No new computer :

$ gpg2 --import Launchpad-GPG-Public-Key.asc
gpg: keybox '/home/ubuntu-xenial/user/.gnupg/pubring.kbx' created
gpg: /home/ubuntu-xenial/user/.gnupg/trustdb.gpg: trustdb created
gpg: key 245FD525: public key "my_name <my_e-mail>" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg2 --import Launchpad-GPG-Private-Key.asc.asc 
gpg: key 245FD525: "my_name <my_e-mail>" not changed
gpg: key 245FD525: secret key imported
gpg: Total number processed: 3
gpg:              unchanged: 1
gpg:       secret keys read: 3
gpg:   secret keys imported: 2
$ 
$ gpg2 --edit-key 245FD525
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/245FD525
     created: 2016-12-16  expires: never       usage: SC  
     trust: unknown       validity: unknown
ssb  rsa2048/4D0AABD3
     created: 2016-12-16  expires: never       usage: E   
[ unknown] (1). my_name <my_e-mail>

gpg> trust
sec  rsa2048/245FD525
     created: 2016-12-16  expires: never       usage: SC  
     trust: unknown       validity: unknown
ssb  rsa2048/4D0AABD3
     created: 2016-12-16  expires: never       usage: E   
[ unknown] (1). my_name <my_e-mail>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

sec  rsa2048/245FD525
     created: 2016-12-16  expires: never       usage: SC  
     trust: ultimate      validity: unknown
ssb  rsa2048/4D0AABD3
     created: 2016-12-16  expires: never       usage: E   
[ unknown] (1). my_name <my_e-mail>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> <Ctrl><D>
$ 
$ gpg --list-keys [user]
gpg: checking the trustdb
gpg: public key of ultimately trusted key 245FD525 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: error reading key: public key not found
$ 

Nesta fase, o processo ainda está incompleto e ainda não consigo usá-lo para assinar o envio de pacotes aos meus PPAs ...

    
por Antonio 05.03.2018 / 03:38

1 resposta

1

Depois de executar minhas anotações quando criei originalmente a chave PGP há alguns anos, encontrei esta resposta em Ask Ubuntu:

$ gpg --keyserver keyserver.ubuntu.com --recv-keys 245FD525
gpg: requesting key 245FD525 from hkp server keyserver.ubuntu.com
gpg: key 245FD525: public key "my_name <my_e-mail>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
$ gpg --no-default-keyring -a --export 245FD525 | gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --import -
gpg: keyring '/home/ubuntu-xenial/[user]/.gnupg/trustedkeys.gpg' created
gpg: key 245FD525: public key "my_name <my_e-mail>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
$ gpg --list-keys [user]
pub   2048R/245FD525 2016-12-16
uid                  my_name <my_e-mail>
sub   2048R/4D0AABD3 2016-12-16
$ 

Agora, posso usar minha chave PGP do Launchpad no outro computador.

    
por Antonio 05.03.2018 / 03:38