Basic questions on gpg

This is not a question on Manjaro (or even Linux) specifically, but rather about a specific software, namely gpg. I hope it is OK to ask here anyway, and that I chose the right subforum.

I would like to use the password manager pass (pass - ArchWiki), because I like its idea of using standards like gpg and git. Basically it is just a frontend to gpg, so it stores passwords in gpg-encrypted files. In other words, adding a new password is the same as adding a new gpg-encrypted file and reading a password from the database is decrypting the respective file.

I haven’t used gpg before and have some basic questions on how it works. So according to GnuPG - ArchWiki I first created a key with gpg --full-gen-key. Now I have a new directory ~/.gnupg with a number of files in it. In several places I have read that I have a private key, a public key, but also (?) subkeys for de-/encryption and maybe more.

My question is what precisely I need when I want to share my password database across several devices, say my Laptop A, my Laptop B with OS 1 and OS 2 and my Android phone. Would I just copy my ~/.gnupg folder over to all the other devices? Would I just copy specific files? Or would I create another keypair on each and every one of my devices and configure them so that my passwords can be decrypted by each of these keys? Or do I only have to copy my password database and remember the gpg password?

I hope someone can answer these basic questions. I know there is lots of documentation on gpg, but such a use case is seldom covered.

Hi!

Don’t copy the folder.

If you want to be able to encrypt/decrypt you need to export your private key and then import it on the new system (this will contain both private and public keys). If you want to just decrypt encrypt, you only need to export the public key, and then import it on the new system.

On the new system, after importing, you need to sign and trust the keys.

To list your keys:
gpg -K

To export public/secret keys:
gpg --export <uid> > <filename>
gpg --export-secret-keys <uid> > <filename>

To import keys:
gpg --import <filename>

To sign and trust:
gpg --edit-key <uid>
This will start an interactive mode. You can type help or you can just issue trust and the program will ask for the level of trust you want to give to that key.

More detail in man gpg and many examples all over the net.

EDIT: you can also use a frontend. I personally use kgpg.

Actually, you need the private key to decrypt.


Oops! you’re right. You encrypt using a public key and decrypt using your private key.


Thank you!

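One way to check a device after the export/import steps discussed in this thread, as an added example that is not from any of the posters: it reads the machine-readable key listing and reports whether this keyring can decrypt the password files and whether gpg will also encrypt new ones without asking. It assumes GnuPG 2.1 or later; the function names and status words are made up for illustration, and the two sample listings are constructed.

```shell
# Added example: classify a keyring from `gpg -K --with-colons` output on stdin.
# Field numbers follow GnuPG's colon listing format: 1 = record type,
# 2 = validity, 12 = capabilities, 15 = "+" secret key present / "#" stub only.
# On a real device: gpg -K --with-colons <uid> | check_keyring
check_keyring() {
    awk -F: '
        # A secret (sub)key with the "e" capability whose secret part is really
        # here is what decrypts the files pass stores.
        ($1 == "sec" || $1 == "ssb") && $12 ~ /e/ && $15 != "#" {
            dec = 1
            # gpg encrypts without asking only to keys it considers valid
            # (f = full, u = ultimate, i.e. after "trust" was set on this device).
            if ($2 ~ /^[fu]$/) enc = 1
        }
        END {
            if (!dec)      print "no-decrypt"     # public key only, or nothing imported
            else if (!enc) print "decrypt-only"   # imported, but not yet trusted
            else           print "ready"          # can read and add passwords
        }'
}

# Constructed sample listings (key IDs and dates are made up).
device_a() {   # the device where the key was generated
    cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::+:
uid:u::::1700000000::::Demo User <demo@example.invalid>:
ssb:u:255:18:BBBBBBBBBBBBBBBB:1700000000::::::e:::+:
EOF
}
device_b() {   # right after `gpg --import` of the exported secret key
    cat <<'EOF'
sec:-:255:22:AAAAAAAAAAAAAAAA:1700000000:::-:::scESC:::+:
uid:-::::1700000000::::Demo User <demo@example.invalid>:
ssb:-:255:18:BBBBBBBBBBBBBBBB:1700000000::::::e:::+:
EOF
}

device_a | check_keyring
device_b | check_keyring
```

A device that only received the public key has an empty `gpg -K` listing, which the function reports as no-decrypt.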