Skip to main content

Import and export a GPG secring

A GPG secring (or secret keyring) stores private keys used for decrypting messages and signing data. In modern GPG versions, private keys are securely managed within the same keyring structure as public keys, providing enhanced protection and ease of use.

Before you import a GPG secring

Review the following statements:

  • Supported formats include .gpg and .asc.

  • Supported algorithms include ECDSA NIST P-384, ECDSA NIST P-256, EdDSA25519, RSA-3072, RSA-4096, and RSA-2048.

  • Maximum file size for a secring is 100KB.

  • Secrings are imported as Open access, Production category, and Offline status. Once a secring is imported, you can change these settings.

  • Secrings may not be imported if the master keypair is revoked or expired; if the file contains multiple secrings; if the master private key is empty; the user ID for the master key does not include the person's name and email address; or if the key size, algorithm, or curve is not supported.

  • Subkeys will be imported with reduced permission if they have any permissions not supported by Software Trust. The import system will ignore subkeys that are not valid.

Import a GPG secring

  1. In the Software Trust menu, go to Keypairs > GPG keypairs.

  2. Above the table, select the vertical ellipses, and then select Import secring.

  3. Upload the keyring file.

  4. Enter the password protecting the secring, and then select Next.

  5. Enter an alias for each master key and subkey, and then select Import.

Export a GPG secring

Nota

To perform this action, you must be assigned to the Team lead user role.

Nota

For security reasons, you should keep your GPG secrings in Software Trust. Exporting a secring adds a layer of risk that your key will be compromised. If you must export a GPG secring, be sure you can store it securely.

    To export a GPG secring:

    1. In the Software Trust menu, go to Keypairs > GPG keypairs.

    2. Locate and hover over the Master key associated with the secring you want to export.

    3. Select ⁝ > Export secring.

    4. Select Next, and then select Request.

    Once the approvers make a decision, you will receive an email telling you whether your request was approved or rejected.

    1. The approver for this keypair receives your request for export. If a team manages this keypair, you may need multiple approvals before exporting it.

    2. In the approval email, select Download. A browser window will open with a passcode on it.

    3. Select Download.

      Atenção

      If you lose your passcode, then you must begin this process (including approvals) from the start.

    Revoke a GPG secring

    1. In the Software Trust menu, go to Keypairs > GPG keypairs.

    2. Hover over the master key that is associated with the secring you want to revoke, and then select the vertical ellipses.

    3. Select Revoke master key.

    4. Complete the missing fields, and then select Revoke.

    5. In the GPG keypairs page, the master key's Status will be updated to Revoked.

    Nesta secção: