Background: My boss has tried exporting an ASC key to me with public and private parts but whenever I get the file the private part never loads up and it won't decrypt any files.
We have tried Exporting the ASC Key using:
Windows Application GNU Privacy Assistant (included in gpg4win)
Error: "Decryption failed. Secret Key Not available."
How do you properly export a secret or private asc key to decrypt gpg files?
You can export the private key with the command-line tool from GPG. It works on the Windows-shell. Use the following command:
gpg --export-secret-keys
A normal export with --export will not include any private keys, therefore you have to use --export-secret-keys.
Edit:
To sum up the information given in my comments, this is the command that allows you to export a specific key with the ID 1234ABCD to the file secret.asc:
gpg --export-secret-keys --armor 1234ABCD > secret.asc
You can find the ID that you need using the following command. The ID is the second part of the second column:
gpg --list-keys
To Export just 1 specific secret key instead of all of them:
gpg --export-secret-keys keyIDNumber > exportedKeyFilename.asc
keyIDNumber is the number of the key id for the desired key you are trying to export.
All the above replies are correct, but might be missing one crucial step, you need to edit the imported key and "ultimately trust" that key
gpg --edit-key (keyIDNumber)
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
and select 5 to enable that imported private key as one of your keys
See the treatment by Dark Otter
https://montemazuma.wordpress.com/2010/03/01/moving-a-gpg-key-privately/
If the site is down use reference the archive.org backup:
which includes a reasonably secure way to transfer keys. You could put that recommendation into shell-scripts shown below for repeated use.
First get the KEYID you want from the list shown by
$ gpg -K
From the resulting list note the KEYID (the 8 hexadecimals following sec) you need for transfer.
Then envoke the tested shell scipts "export_private_key" on the first account and generate your pubkey.gpg + keys.asc. Subsequently invoke on the second account "import_private_key". Here is their content shown with cat (copy & paste content):
$ cat export_private_key
gpg -K
echo "select private key"
read KEYID
gpg --output pubkey.gpg --export $KEYID
echo REMEMBER THE COMING PASS-PHRASE
gpg --output - --export-secret-key $KEYID | \
cat pubkey.gpg - | \
gpg --armor --output keys.asc --symmetric --cipher-algo AES256
ls -l pubkey.gpg keys.asc
#################### E X P O R T _ P R I V A T E _ K E Y #####################
Now tranfer by some means the "pubkey.gpg" (if needed) and the private "keys.asc" to the second account and envoke the below-shown program.
$ cat import_private_key
gpg --no-use-agent --output - keys.asc | gpg --import
################### I M P O R T _ P R I V A T E _ K E Y ######################
In Otter's spirit "And that, should be, that".
this ended up working for me:
gpg -a --export-secret-keys > exportedKeyFilename.asc
you can name keyfilename.asc by any name as long as you keep on the .asc extension.
this command copies all secret-keys on a user's computer to keyfilename.asc in the working directory of where the command was called.
To Export just 1 specific secret key instead of all of them:
gpg -a --export-secret-keys keyIDNumber > exportedKeyFilename.asc
keyIDNumber is the number of the key id for the desired key you are trying to export.
Similar to @Wolfram J's answer, here is a method to encrypt your private key with a passphrase:
gpg --output - --armor --export $KEYID | \
gpg --output private_key.asc --armor --symmetric --cipher-algo AES256
And a corresponding method to decrypt:
gpg private_key.asc
1.Export a Secret Key (this is what your boss should have done for you)
gpg --export-secret-keys yourKeyName > privateKey.asc
2.Import Secret Key (import your privateKey)
gpg --import privateKey.asc
3.Not done yet, you still need to ultimately trust a key. You will need to make sure that you also ultimately trust a key.
gpg --edit-key yourKeyName
Enter trust, 5, y, and then quit
Source: https://medium.com/@GalarnykMichael/public-key-asymmetric-cryptography-using-gpg-5a8d914c9bca
