DOKK / manpages / debian 11 / gfsecret / gfsec-split-gpg.1.en
GFSEC-SPLIT-GPG(1) Gfsecret Manual GFSEC-SPLIT-GPG(1)

gfsec-split-gpg - Split a GnuPG primary private key

gfsec-split [-h|--help] [-v|--version] [-u|--user-id id] [-k|--keep] [-c|--config file] [-i|--interactive] [-n|--threshold N] URI...

gfsec-split-gpg is a wrapper script around gfsec-split to facilitate splitting a GnuPG private primary key into a number of shares and dispatching the resulting shares onto external storage supports.

The split key can then be temporarily reconstructed gfsec-use(1).

Display the help message.
Display the version message.
Split the primary key associated with the specified OpenPGP User ID. This option is only needed if the GnuPG private keyring contains more than one primary private key.
By default, gfsec-split-gpg will remove the key from the GnuPG keyring once it has been successfully split. Use this option to prevent the key from being removed.
Write the configuration file (allowing to reconstruct the secret with gfsec-use(1) ) to the specified file. Default is $XDG_CONFIG_HOME/gfsecret/masterkey.conf. If FILE is a single filename without extension and without a directory part, the file will be placed under the $XDG_CONFIG_HOME/gfsecret directory with a .conf extension.
Present the user with an interactive menu to specify the shares to create.
Specify the minimal number of shares required to re-assemble the split file. Default is 2.

This script will only work with GnuPG 2.1 or higher. It will abort before attempting anything if it cannot detect a binary for the correct GnuPG version.

gfsec-split-gpg alice \


  file:///home/alice/.local/share/gfsecret/mykey \


  label://USBSTICK/mykey \


  mtp://RF2GB6X704P/Documents/mykey \

The above example will split Alice's primary private key into three shares: one on the local filesystem, one on the USB mass storage device with the label USBSTICK, and one on the MTP-compliant device with the serial RF2GB6X704P. A configuration file will be written in $XDG_CONFIG_HOME/gfsecret/mysecret allowing to automatically reconstruct the file with gfsec-use(1) provided at least one of the two removable supports are present.

Report bugs to Damien Goutte-Gattat.

gfsec-split(1), gfsec-use(1)

Copyright © 2017 Damien Goutte-Gattat

This program is released under the GNU General Public License. See the COPYING file in the source distribution or http://www.gnu.org/licenses/gpl.html.

2017-08-26 gfsecret 0.4.6