How to share GPG key from remote host to local host without writing the key to a file

Issue

I guess that what I want is a GPG equivalent to the ssh-copy-id function from SSH. Here is what I have tried, along with the output that I have recieved:

[email protected]:~$ ssh [email protected] gpg --export-secret-key A32D835B51CAF93AD264826E2C7AE63B68CDAB22 | gpg --import
gpg: directory '/home/foo/.gnupg' created
gpg: keybox '/home/foo/.gnupg/pubring.kbx' created
gpg: key F0A27839C3F40D2B42172A28124E5F88293B3719: error receiving key from agent: Inappropriate ioctl for device - skipped  
gpg: key 61322A2DACD3C52D35086D123704A5559C3E0456: error receiving key from agent: Inappropriate ioctl for device - skipped
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

For the record, here is the link to a relevant old SO question:
How to transfer pgp private key to another computer?

UPDATE: I attempt to leverage –passphrase/–pinentry switches as suggested in the answer given by user ahi324. Here’s how it looks:

[email protected]:~$ stty -echo && ssh [email protected] "gpg --batch --passphrase-fd 0 --pinentry loopback --export-secret-key A32D835B51CAF93AD264826E2C7AE63B68CDAB22" | gpg import; stty echo
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: can't open 'import'
gpg: key F0A27839C3F40D2B42172A28124E5F88293B3719: error receiving key from agent: No passphrase given - skipped
gpg: key 61322A2DACD3C52D35086D123704A5559C3E0456: error receiving key from agent: No passphrase given - skipped
gpg: WARNING: nothing exported

Indeed, the execution appears to get "stuck in limbo" after the appearance of output gpg: WARNING: no command supplied. Trying to guess what you mean .... Only after I hit Enter on the keyboard does the execution run to completion.

Solution

The errors you’re receiving (error receiving key from agent: Inappropriate ioctl for device - skipped) indicate that your secret key is passphrase protected and that your GPG passphrase agent isn’t compatible through SSH, which most aren’t.

Three options come to mind:

  • Initiate the export from the source host (to facilitate interactive passphrase entry);
  • Leverage --passphrase/--pinentry switches (as suggested in the post your reference); e.g., stty -echo && ssh "$host" "gpg --batch --passphrase-fd 0 --pinentry loopback -a --export-secret-key '$key'" | gpg --import; stty echo; or,
  • Remove passphrase protection from the key (not necessarily desirable).

Answered By – ahi324

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published