Let's suppose that you bought a new computer and you want to move/copy your GnuPG key and you Pass repository to your new machine. That's how I did it:
Copy the GPG key from your other machine
If you have GPG 2.1 and newer you can run:
$ ssh OTHERHOST gpg --export-secret-keys \
--passphrase-fd=0 --pinentry-mode=loopback \
| gpg --import --batch --yes
If you (hopefully) have a password for you GPG private key, the command above expects the password will be given on STDIN (you can either type the password or redirect the input from a file via standard redirection - <
operator).
If you want to type the password but without echoing the characters in the terminal (sudo style) and your shell is bash or zsh (did not test is on other shells):
$ read -s pass && echo $pass\
| ssh OTHERHOST gpg --export-secret-keys \
--passphrase-fd=0 --pinentry-mode=loopback \
| gpg --import --batch --yes
In case the export is hanging (e.g. after you typed a wrong password), you may want to kill the GPG agent on the remote host and then try again:
$ ssh OTHERHOST killall gpg-agent
Now you should be able to list your key:
$ gpg --list-secret-keys GPG_ID
sec rsa3072 2020-06-03 [SC] [expires: 2022-06-03]
B01544902DFBC6EC847C15D448C4021B0064FA75
uid [ unknown] John Doe <john@doe.com>
ssb rsa3072 2020-06-03 [E] [expires: 2022-06-03]
You may notice the [ unknown]
status near your GPG ID. This is because you need to trust the key first:
$ gpg --edit-key GPG_ID
... output cut for brevity ...
gpg> trust
... output cut for brevity ...
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
... output cut for brevity ...
gpg> q
I used 5 (I trust ultimately) as my trust decision since it's my private key. If you run gpg --list-secret-keys
again you should now see [ultimate] instead of [ unknown], which means the key is trusted and can be used to sign.
Import the Pass repository
You can copy the Pass repository with SCP (since it's just a folder):
scp -r OTHERHOST:.password-store ~/.password-store
If you use a non-default directory, you may need to adjust the paths in the command above.
If you store your Pass repository in a private remote repository (Github, Bitbucket, GitLab) and you wish to import it you may want to do the following:
$ git clone REPO_URL ~/.password-store