Keeping public keys in sync / symlinking ~/.gnupg
I'd welcome thoughts on the best way to:
- keep public keys in sync across multiple macOS machines; and
- create an archive of public keys capable of being exported into CanaryMail for iOS.
(Private keys are out of scope of this.)
I've looked at the forum and can see that this has come up a number of times. I have also reviewed the options here https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/backup-or-transf... and none quite do what I want.
I cannot rely on keyserver lookups, as not all my recipients' public keys are on keyservers.
I would rather not rely on remembering to import the keys manually on each device since, realistically, I'm going to forget.
I can get all the machines in sync manually to begin with, if that would help.
Thoughts:
- move ~/.gnupg to a location which gets synchronised, and then symlink it back to ~/.gnupg, so it is still available where GPGTools expects it. (This should deal with the macOS side of things; creating a CanaryMail export would still be a second step, perhaps done manually)
- something using the gpg list/export options, which will export all public keys, then diff/merge them into the "last export" file, before deleting all current public keys and reimporting them from this updated file
Any suggestions / recommendations from others?
Support Staff 1 Posted by Luke Le on 27 Jul, 2020 09:03 AM
Hi Neil,
you are certainly best off using the ~/.gnupg symlink method on macOS. Not sure what you mean in regards to CanaryMail, is that not capable of importing public keys in ASCII format contained in a .asc/.gpg file?
The diff method is definitely the most error-prone method to handle this. If you really only want to synchronize the public keys, you can also just symlink ~/.gnupg/pubring.kbx. We generally recommend, however, symlinking the entire folder, so the trustdb is also properly synchronized across computers.
Hope that helps.
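The pubring.kbx-only variant mentioned in the reply above, as an added example (not part of the original thread and not GPGTools' own code): it moves the public keybox into a synced folder and links it back, leaving everything else in ~/.gnupg on the local disk. The directory arguments and the sync path in the usage comment are hypothetical; export_pubkeys covers the manual ASCII export step.

```shell
#!/bin/sh
# Added example: share only the public keybox through a synced folder.
# Usage (hypothetical sync path):
#   link_pubring "$HOME/.gnupg" "$HOME/Sync/gnupg-public"

# link_pubring GNUPG_DIR SYNC_DIR
# First machine: moves GNUPG_DIR/pubring.kbx into SYNC_DIR.
# Later machines: adopts the copy already in SYNC_DIR.
# Either way, GNUPG_DIR/pubring.kbx ends up as a symlink to the shared file.
link_pubring() {
    gnupg_dir=$1
    sync_dir=$2
    local_ring="$gnupg_dir/pubring.kbx"
    shared_ring="$sync_dir/pubring.kbx"

    # Stop GnuPG daemons for this home directory before moving files.
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --homedir "$gnupg_dir" --kill all >/dev/null 2>&1 || true
    fi

    mkdir -p "$sync_dir" || return 1
    chmod 700 "$gnupg_dir" "$sync_dir" || return 1

    if [ -L "$local_ring" ]; then
        # Already linked: succeed only if it points at the shared copy.
        [ "$(readlink "$local_ring")" = "$shared_ring" ] && return 0
        return 1
    fi

    if [ -f "$local_ring" ] && [ -e "$shared_ring" ]; then
        # Both sides have a keybox: keep the local one as a backup rather
        # than overwriting either; its keys can be imported by hand later.
        mv "$local_ring" "$local_ring.local-backup" || return 1
    elif [ -f "$local_ring" ]; then
        mv "$local_ring" "$shared_ring" || return 1
    elif [ ! -e "$shared_ring" ]; then
        echo "no pubring.kbx in $gnupg_dir or $sync_dir" >&2
        return 1
    fi

    chmod 600 "$shared_ring" || return 1
    ln -s "$shared_ring" "$local_ring"
}

# export_pubkeys OUT_FILE: ASCII-armoured export of all public keys (.asc).
export_pubkeys() {
    gpg --armor --export > "$1"
}
```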
2 Posted by Neil on 27 Jul, 2020 11:42 AM
Thanks — I'll give it a go.
It is; all I meant was that I'll need to remember to do this manually, since I won't be able to automate this bit.
Thanks, as always, for your help.
Steve closed this discussion on 27 Jul, 2020 12:28 PM.