amit bhalerao wrote: > Hi , > > We have just completed the migration of the application from 1 > AIX box to another and have changed the encryption from PGP to GPG. > Since there are many external vendors involved the process is bit > tedious following up with vendor to change keys.
Vendor follow-up? It should have been transparent to an external entity.
> Just wanted to confirm in case if we move the application from 1
> AIX box to another :
> 1. Do we have to create a new GPG keys on new machine and send it
> to vendor and repeat the tedious process again everytime we move to
> new machine?
All that is necessary is to binary copy the *.gpg files (pubring.gpg;
secring.gpg; trustdb.gpg; and trustedkeys.gpg, if it exists) along with gpg.conf
from the GnuPG home directory (usually ~/.gnupg) on one machine to the new
machine.
> 2. Is there any way we can migrate GPG keys from old box to new box
> without following up with vendors to change key at their end?
> If anyone has done before please let me know.
See Above. As a rule,GnuPG keyring files are binary-compatible across OS
versions. The same applies to PGP keyring files (pubring.pkr & secring.skr).
There should really be no need to change to a new key unless the old key expires
or is compromised. (You *DO* have revocation certs generated and safely stored
off-machine "just in case", right?)
Since you mentioned you changed from PGP to GnuPG above, you can migrate all
your PGP keys to GnuPG usually simply by importing the keyrings:
gpg --import secring.skr
gpg --import pubring.pkr
Imported keypairs will need to be set to 'Ultimate Trust' in GnuPG;
this is called 'Implicit Trust' in PGP.
--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
