gfsec-split-gpg(1)

Split a GnuPG primary private key

NAME

gfsec-split-gpg - Split a GnuPG primary private key

SYNOPSIS

gfsec-split-gpg [-h|--help] [-v|--version] [-u|--user-id id] [-k|--keep] [-c|--config file] [-i|--interactive] [-n|--threshold N] URI...

DESCRIPTION

gfsec-split-gpg is a wrapper script around gfsec-split that facilitates splitting a GnuPG primary private key into a number of shares and dispatching the resulting shares onto external storage media.

The split key can then be temporarily reconstructed with gfsec-use(1).

OPTIONS

-h, --help

Display the help message.

-v, --version

Display the version message.

-u, --user-id uid

Split the primary key associated with the specified OpenPGP User ID. This option is only needed if the GnuPG private keyring contains more than one primary private key.

-k, --keep

By default, gfsec-split-gpg will remove the key from the GnuPG keyring once it has been successfully split. Use this option to prevent the key from being removed.

-c, --config file

Write the configuration file (which allows the secret to be reconstructed with gfsec-use(1)) to the specified file. Default is $XDG_CONFIG_HOME/gfsecret/masterkey.conf. If FILE is a single filename without extension and without a directory part, the file will be placed under the $XDG_CONFIG_HOME/gfsecret directory with a .conf extension.

-i, --interactive

Present the user with an interactive menu to specify the shares to create.

-n, --threshold N

Specify the minimum number of shares required to re-assemble the split file. Default is 2.

NOTES

This script will only work with GnuPG 2.1 or higher. It will abort before attempting anything if it cannot detect a binary for the correct GnuPG version.

EXAMPLE INVOCATION

gfsec-split-gpg alice \
file:///home/alice/.local/share/gfsecret/mykey \
label://USBSTICK/mykey \
mtp://RF2GB6X704P/Documents/mykey

The above example will split Alice’s primary private key into three shares: one on the local filesystem, one on the USB mass storage device with the label USBSTICK, and one on the MTP-compliant device with the serial RF2GB6X704P. A configuration file will be written in $XDG_CONFIG_HOME/gfsecret/mysecret, allowing the file to be reconstructed automatically with gfsec-use(1) provided at least one of the two removable media is present.
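
The following sketch is an added example, not part of gfsecret. It checks what a given share layout and threshold imply for theft of the host and for loss of removable devices, using the URIs from the invocation above. The helper name assess_split and the classification of file:// as host-resident and label:// and mtp:// as removable are assumptions of this example.

```python
from urllib.parse import urlsplit

# URI schemes as they appear in the example invocation. Treating file:// as
# "always on the host" and label:// / mtp:// as removable is this example's
# assumption, following the man page's description of the three shares.
LOCAL_SCHEMES = {"file"}
REMOVABLE_SCHEMES = {"label", "mtp"}


def assess_split(uris, threshold=2):
    """Hypothetical helper: what a share layout means for theft and loss."""
    local = [u for u in uris if urlsplit(u).scheme in LOCAL_SCHEMES]
    removable = [u for u in uris if urlsplit(u).scheme in REMOVABLE_SCHEMES]
    unknown = [u for u in uris if u not in local and u not in removable]
    if unknown:
        raise ValueError(f"unrecognised share URI(s): {unknown}")
    # Sanity check of this sketch only; the tool's own limits on N are not modelled.
    if not 1 <= threshold <= len(uris):
        raise ValueError("threshold must be between 1 and the number of shares")

    removable_needed = max(0, threshold - len(local))
    return {
        # True means the host's disk alone rebuilds the key: the split protects nothing.
        "host_alone_sufficient": len(local) >= threshold,
        # Removable devices that must be plugged in to reach the threshold.
        "removable_needed": removable_needed,
        # Shares of any kind that can be lost before the key is unrecoverable.
        "losable_shares": len(uris) - threshold,
        # Removable devices that can go missing while this host can still rebuild.
        "removable_spare": len(removable) - removable_needed,
    }


# The layout from the example invocation (default threshold of 2).
EXAMPLE_URIS = [
    "file:///home/alice/.local/share/gfsecret/mykey",
    "label://USBSTICK/mykey",
    "mtp://RF2GB6X704P/Documents/mykey",
]

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, assess_split(EXAMPLE_URIS, threshold=n))
```

With the default threshold the host share alone is not enough and one removable device may be lost; raising the threshold to 3 leaves no margin for a lost share.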

REPORTING BUGS

Report bugs to Damien Goutte-Gattat.

SEE ALSO

gfsec-split(1), gfsec-use(1)

COPYRIGHT

Copyright © 2017 Damien Goutte-Gattat

This program is released under the GNU General Public License. See the COPYING file in the source distribution or http://www.gnu.org/licenses/gpl.html.