
Import and export a GPG secring

A GPG secring (or secret keyring) stores private keys used for decrypting messages and signing data. In modern GPG versions, private keys are securely managed within the same keyring structure as public keys, providing enhanced protection and ease of use.

Import a GPG secring

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to Keypairs > GPG keypairs.

  4. Above the table of keys, select the options button (three dots). In the dropdown menu, select Import secring.

  5. Drag the keyring file to the import box, or select the box to choose the file from your local environment.

  6. Enter the password protecting the secring. Select Next.

  7. Enter an alias for each master key and subkey. Select Import.

Note

  • Supported formats include .gpg and .asc.

  • Supported algorithms include ECDSA NIST P-384, ECDSA NIST P-256, EdDSA25519, RSA-3072, RSA-4096, and RSA-2048.

  • Maximum file size for a secring is 100KB.

  • Secrings are imported as Open access, Production category, and Offline status. Once a secring is imported, you can change these settings.

  • Secrings may not be imported if the master keypair is revoked or expired; if the file contains multiple secrings; if the master private key is empty; if the user ID for the master key does not include the person's name and email address; or if the key size, algorithm, or curve is not supported.

  • Subkeys will be imported with reduced permissions if they have any permissions not supported by DigiCert® Software Trust Manager. The import system will ignore subkeys that are not valid.
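The conditions in the Note can be checked locally before uploading. The following is an added example, not DigiCert code: it parses the colon-delimited listing that `gpg --show-keys --with-colons <file>` prints (assumes a GnuPG version that has `--show-keys`) and reports which listed conditions the file appears to hit. The function name, the reading of 100KB as 100 * 1024 bytes, and the name-and-email pattern are assumptions, and how the service treats a flagged subkey is not stated beyond the Note.

```python
import re
import time

# Limits from the Note above. 100KB is read as 100 * 1024 bytes (assumption).
MAX_BYTES = 100 * 1024
RSA_BITS = {"2048", "3072", "4096"}
# gpg algorithm ids: 1 = RSA, 19 = ECDSA, 22 = EdDSA; curve names as gpg prints them
CURVES = {"19": {"nistp256", "nistp384"}, "22": {"ed25519"}}
# Heuristic for "name and email address": some text, then <local@domain>
UID_RE = re.compile(r"^[^<\s].*<[^<>@\s]+@[^<>@\s]+>$")

def preflight(colons, size_bytes, now=None):
    """Check `gpg --with-colons` key-listing text against the import rules."""
    now = time.time() if now is None else now
    rows = [ln.split(":") + [""] * 17 for ln in colons.splitlines() if ln]
    findings = []
    if size_bytes > MAX_BYTES:
        findings.append("file is larger than 100KB")
    masters = [r for r in rows if r[0] == "sec"]
    if len(masters) != 1:
        findings.append(f"expected 1 master secret key, found {len(masters)}")
    for r in rows:
        kind, validity, bits, algo, keyid, expires, curve = (
            r[0], r[1], r[2], r[3], r[4], r[6], r[16])
        if kind not in ("sec", "ssb"):
            continue
        supported = bits in RSA_BITS if algo == "1" else curve in CURVES.get(algo, ())
        if not supported:
            findings.append(f"{kind} {keyid}: unsupported algorithm, size or curve")
        if kind == "sec" and validity == "r":
            findings.append(f"sec {keyid}: master key is revoked")
        if kind == "sec" and (validity == "e" or (expires.isdigit() and int(expires) < now)):
            findings.append(f"sec {keyid}: master key is expired")
    if not any(UID_RE.match(r[9]) for r in rows if r[0] == "uid"):
        findings.append("no user ID with both a name and an email address")
    return findings

# Constructed listing (not from a real key): RSA-3072 master plus one subkey.
SAMPLE = "\n".join([
    "sec:u:3072:1:1111111111111111:1700000000:::u:::scESC:::+:::23::0:",
    "uid:u::::1700000000::0000::Alice Example <alice@example.com>::::::::::0:",
    "ssb:u:3072:1:2222222222222222:1700000000::::::e:::+:::23:",
])

if __name__ == "__main__":
    print(preflight(SAMPLE, size_bytes=4096) or "no findings")
```

An empty result only means none of the listed conditions were detected; it does not check whether the private key material is present or whether the password is correct.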

Export a GPG secring

Tip

We recommend keeping your GPG secrings in Software Trust Manager. Exporting a secring adds a layer of risk that your key will be compromised. If you must export a GPG secring, be sure you can store it securely.

To export a GPG secring:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to Keypairs > GPG keypairs.

  4. Identify the Master key associated with the secring you want to export.

  5. Hover over the desired alias, and then select the vertical ellipsis (⁝).

  6. Select ⁝ > Export secring.

  7. Optional: Enter a reason for the export.

  8. Select Next.

Once the approvers make a decision, you will receive an email telling you whether your request was approved or rejected.

  1. The approver for this keypair receives your request for export. If a team manages this keypair, you may need multiple approvals before exporting it.

  2. In the approval email, select Download. A browser window will open with a passcode on it.

  3. Select Download.

    Warning

    If you lose your passcode, then you must begin this process (including approvals) from the start.