Reputation: 4784
Background: My boss has tried exporting an ASC key to me with public and private parts but whenever I get the file the private part never loads up and it won't decrypt any files.
We have tried Exporting the ASC Key using:
Windows Application Kleopatra 2.1 (included in gpg4win)
Windows Application GNU Privacy Assistant (included in gpg4win)
Error: "Decryption failed. Secret Key Not available."
How do you properly export a secret or private asc key to decrypt gpg files?
Upvotes: 113
Views: 216832
Reputation: 16449
The accepted answer is probably perfect on Unix, but on Windows, I had to use the --output command line option, because otherwise PowerShell was messing up the output file created with the > redirect. It was changing it to UTF-16 or something.
So:
PS> gpg --output secret.key --export-secret-key 1234ABC
Where 1234ABC is standing in for the key ID. Note: the --output option must come before the --export-secret-key part.
The errors on the other side (macOS for me) looked like:
> gpg --import secret.key
gpg: [don't know]: partial length invalid for packet type 63
gpg: read_block: read error: Invalid packet
gpg: import from 'secret.key' failed: Invalid keyring
gpg: Total number processed: 0
Upvotes: 0
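Added example (not part of any answer on this page, and not GnuPG's own code): a shell check that classifies an exported key file before it is handed over, flagging the UTF-16 damage described in the PowerShell answer above and telling a public-only export apart from one that holds the secret key. The function names, labels and sample files are constructed for illustration, and the check assumes the redirect wrote a UTF-16 byte-order mark.

```bash
# classify_key_export FILE: print one label for what FILE holds. Only the
# leading bytes and the armor header are inspected; nothing is decrypted.
classify_key_export() {
    f=$1
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')   # first two bytes as hex
    case $magic in
        "") echo empty; return ;;
        fffe|feff)
            # UTF-16 byte-order mark left by a text-mode redirect. gpg reads the
            # 0xFF byte as a new-format packet header with tag 63.
            echo utf16-mangled; return ;;
    esac
    hex=$(printf '%.2s' "$magic")
    first=$((0x$hex))
    if [ $((first & 0x80)) -ne 0 ]; then
        # Binary OpenPGP packet: bit 6 selects new (6-bit tag) or old (4-bit tag).
        if [ $((first & 0x40)) -ne 0 ]; then tag=$((first & 0x3f))
        else tag=$(( (first >> 2) & 0x0f )); fi
        case $tag in
            5) echo binary-secret-key ;;
            6) echo binary-public-key ;;
            *) echo "binary-packet-tag-$tag" ;;
        esac
        return
    fi
    if   grep -qF -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$f"; then echo armored-secret-key
    elif grep -qF -e '-----BEGIN PGP PUBLIC KEY BLOCK-----'  "$f"; then echo armored-public-key
    elif grep -qF -e '-----BEGIN PGP MESSAGE-----'           "$f"; then echo armored-message
    else echo unknown; fi
}

# Constructed samples: header bytes or armor lines only, no real key material.
make_samples() {
    d=$1
    printf '\377\376-\000' > "$d/ps_redirect.key"   # UTF-16LE BOM, then "-"
    printf '\225\001\000'  > "$d/secret.gpg"        # 0x95: old-format tag 5
    printf '\231\001\000'  > "$d/public.gpg"        # 0x99: old-format tag 6
    printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' > "$d/secret.asc"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----'  > "$d/public_only.asc"
    printf '%s\n' '-----BEGIN PGP MESSAGE-----'           > "$d/keys.asc"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for s in "$tmp"/*; do printf '%-18s %s\n' "${s##*/}" "$(classify_key_export "$s")"; done
rm -rf "$tmp"
```

A file labelled armored-public-key or binary-public-key cannot supply a private key on import, and armored-message (such as a symmetrically encrypted keys.asc) has to be decrypted before gpg --import will accept it.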
Reputation: 27271
Similar to @Wolfram J's answer, here is a method to encrypt your private key with a passphrase:
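# --export alone emits only the public key; --export-secret-keys includes the private part
gpg --output - --armor --export-secret-keys "$KEYID" | \
gpg --output private_key.asc --armor --symmetric --cipher-algo AES256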
And a corresponding method to decrypt:
gpg private_key.asc
Upvotes: 5
Reputation: 4784
This ended up working for me:
gpg -a --export-secret-keys > exportedKeyFilename.asc
You can give keyfilename.asc any name as long as you keep the .asc extension.
This command copies all secret keys on a user's computer to keyfilename.asc in the working directory where the command was called.
To Export just 1 specific secret key instead of all of them:
gpg -a --export-secret-keys keyIDNumber > exportedKeyFilename.asc
keyIDNumber is the number of the key id for the desired key you are trying to export.
Upvotes: 7
Reputation: 311
See the treatment by Dark Otter
https://montemazuma.wordpress.com/2010/03/01/moving-a-gpg-key-privately/
If the site is down, reference the archive.org backup:
which includes a reasonably secure way to transfer keys. You could put that recommendation into shell-scripts shown below for repeated use.
First get the KEYID you want from the list shown by
$ gpg -K
From the resulting list note the KEYID (the 8 hexadecimals following sec) you need for transfer.
Then invoke the tested shell script "export_private_key" on the first account and generate your pubkey.gpg + keys.asc. Subsequently invoke "import_private_key" on the second account. Here is their content shown with cat (copy & paste content):
$ cat export_private_key
gpg -K
echo "select private key"
read KEYID
gpg --output pubkey.gpg --export $KEYID
echo REMEMBER THE COMING PASS-PHRASE
gpg --output - --export-secret-key $KEYID | \
cat pubkey.gpg - | \
gpg --armor --output keys.asc --symmetric --cipher-algo AES256
ls -l pubkey.gpg keys.asc
#################### E X P O R T _ P R I V A T E _ K E Y #####################
Now transfer by some means the "pubkey.gpg" (if needed) and the private "keys.asc" to the second account and invoke the program shown below.
$ cat import_private_key
gpg --no-use-agent --output - keys.asc | gpg --import
################### I M P O R T _ P R I V A T E _ K E Y ######################
In Otter's spirit "And that, should be, that".
Upvotes: 21
Reputation: 4307
You can export the private key with the command-line tool from GPG. It works on the Windows-shell. Use the following command:
gpg --export-secret-keys
A normal export with --export will not include any private keys, therefore you have to use --export-secret-keys.
Edit:
To sum up the information given in my comments, this is the command that allows you to export a specific key with the ID 1234ABCD to the file secret.asc:
gpg --export-secret-keys --armor 1234ABCD > secret.asc
You can find the ID that you need using the following command. The ID is the second part of the second column:
gpg --list-keys
To Export just 1 specific secret key instead of all of them:
gpg --export-secret-keys keyIDNumber > exportedKeyFilename.asc
keyIDNumber is the number of the key id for the desired key you are trying to export.
Upvotes: 222
Reputation: 3683
1. Export a Secret Key (this is what your boss should have done for you)
gpg --export-secret-keys yourKeyName > privateKey.asc
2. Import Secret Key (import your privateKey)
gpg --import privateKey.asc
3. Not done yet, you still need to ultimately trust a key. You will need to make sure that you also ultimately trust a key.
gpg --edit-key yourKeyName
Enter trust, 5, y, and then quit
Source: https://medium.com/@GalarnykMichael/public-key-asymmetric-cryptography-using-gpg-5a8d914c9bca
Upvotes: 5
Reputation: 2315
All the above replies are correct, but might be missing one crucial step: you need to edit the imported key and "ultimately trust" that key.
gpg --edit-key (keyIDNumber)
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
and select 5 to enable that imported private key as one of your keys
Upvotes: 35
Reputation: 5715
I think you have not yet imported the private key, as the error message said. To import a public/private key from gnupg:
gpg --import mypub_key
gpg --allow-secret-key-import --import myprv_key
Upvotes: 10