I'm studying key management, encryption and GPG for provenance (verifying authorship). Using DevDungeon's GPG Tutorial I learned that to export your GnuPG private key to your local computer, you use this command:
$ gpg --export-secret-keys --armor XXX > ./my-priv-gpg-key.asc (where XXX is your unique hexadecimal identifier). Yesterday I used this command to generate the plain-text secret key, which I moved to cold storage. But today I invoked the same gpg command and entered the same passphrase, which generated a new plain-text secret key. I compared the two (yesterday's key and today's key) using the same utility I use to view changes made to source code in git (p4merge). I noticed that the two gpg keys are slightly different. Roughly half is the same and the other half is brand new.
Now for my uber naive questions: This is a bad idea, correct? If so, could someone clarify why this is a bad idea? Should I only use the first one and delete the second? Or is it perfectly alright for me to use either one going forward? Which one should I use?
I Googled 'generating duplicate gpg private keys' and similar search terms but I had a hard time finding a discussion regarding my questions above. I also Googled 'managing multiple private keys gnupg' which turned up links to the official GnuPG manual on the subject of Key Management, which was interesting but doesn't answer my questions specifically.
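The "half the same, half new" pattern comes from the file format rather than from a new key. An armored export is base64 over a sequence of OpenPGP packets; the public-key material, user IDs and signatures are written out unchanged, but GnuPG re-protects the private material on every export with a fresh random S2K salt and IV, so the encrypted part of the secret-key packet changes each time. The script below is an added example (not from the original post, DevDungeon or GnuPG): it de-armors two exports, checks the CRC-24, walks the packets, and reports which fields of the secret-key packet agree. The two key blocks it compares are constructed inline with dummy values (a 128-bit "RSA" modulus, fixed salt/IV bytes and a placeholder ciphertext), so they are not real keys; only v4 RSA keys with GnuPG's usual S2K usage 254 / iterated-and-salted S2K are handled. A real export also carries signature and subkey packets, which the parser passes through but does not decode.

```python
"""Compare two ASCII-armored secret-key exports field by field.
Added example with constructed key blocks; not real key material."""
import base64
import struct

ARMOR_HEAD = "-----BEGIN PGP PRIVATE KEY BLOCK-----"
ARMOR_TAIL = "-----END PGP PRIVATE KEY BLOCK-----"
DUMMY_N = bytes(range(0x80, 0x90))          # constructed 128-bit "modulus"


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(data: bytes) -> str:
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([ARMOR_HEAD, ""] + lines + ["=" + crc, ARMOR_TAIL]) + "\n"


def dearmor(text: str) -> bytes:
    """Strip armor, verify the CRC-24 line and return the raw packet bytes."""
    lines = text.strip().splitlines()
    if lines[0] != ARMOR_HEAD or lines[-1] != ARMOR_TAIL:
        raise ValueError("not a private key block")
    body = lines[1:-1]
    blank = body.index("")                  # armor headers end at the first blank line
    data_lines = [ln for ln in body[blank + 1:] if ln]
    crc_line = data_lines.pop()
    if not crc_line.startswith("="):
        raise ValueError("missing CRC line")
    raw = base64.b64decode("".join(data_lines))
    if crc24(raw) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("CRC mismatch")
    return raw


def parse_packets(raw: bytes):
    """Yield (tag, body) for each packet; old- and new-format headers, definite lengths."""
    i = 0
    while i < len(raw):
        ctb = raw[i]
        if not ctb & 0x80:
            raise ValueError("bad packet header")
        if ctb & 0x40:                                  # new-format header
            tag, first = ctb & 0x3F, raw[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + raw[i + 2] + 192, i + 3
            elif first == 255:
                length, i = struct.unpack(">I", raw[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial-length packets not supported")
        else:                                           # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate-length packet")
            size = {0: 1, 1: 2, 2: 4}[ltype]
            length = int.from_bytes(raw[i + 1:i + 1 + size], "big")
            i += 1 + size
        yield tag, raw[i:i + length]
        i += length


def read_mpi(body: bytes, i: int):
    bits = int.from_bytes(body[i:i + 2], "big")
    n = (bits + 7) // 8
    return body[i + 2:i + 2 + n], i + 2 + n


def parse_secret_key(body: bytes) -> dict:
    """Split a v4 RSA secret-key packet (tag 5) into public, S2K and encrypted parts."""
    if body[0] != 4 or body[5] != 1:
        raise ValueError("only v4 RSA keys handled in this example")
    created = struct.unpack(">I", body[1:5])[0]
    n, i = read_mpi(body, 6)
    e, i = read_mpi(body, i)
    usage, sym, s2k_type, hash_id = body[i], body[i + 1], body[i + 2], body[i + 3]
    if usage != 254 or s2k_type != 3 or sym not in (7, 8, 9):
        raise ValueError("unexpected S2K usage/type or non-AES cipher")
    salt, count, iv = body[i + 4:i + 12], body[i + 12], body[i + 13:i + 29]
    return {"created": created, "n": n, "e": e, "sym": sym, "hash": hash_id,
            "salt": salt, "count": count, "iv": iv, "encrypted": body[i + 29:]}


def compare_exports(a: str, b: str) -> dict:
    """Report which parts of two armored exports of the same key agree."""
    pa, pb = list(parse_packets(dearmor(a))), list(parse_packets(dearmor(b)))
    ka = parse_secret_key(next(body for tag, body in pa if tag == 5))
    kb = parse_secret_key(next(body for tag, body in pb if tag == 5))
    return {
        "same_packet_sequence": [t for t, _ in pa] == [t for t, _ in pb],
        "same_public_key": (ka["n"], ka["e"], ka["created"]) == (kb["n"], kb["e"], kb["created"]),
        "same_user_ids": [x for t, x in pa if t == 13] == [x for t, x in pb if t == 13],
        "same_salt": ka["salt"] == kb["salt"],
        "same_iv": ka["iv"] == kb["iv"],
        "same_ciphertext": ka["encrypted"] == kb["encrypted"],
    }


def mpi(value: bytes) -> bytes:
    return struct.pack(">H", int.from_bytes(value, "big").bit_length()) + value


def old_header(tag: int, length: int) -> bytes:
    return bytes([0x80 | (tag << 2)]) + bytes([length])          # one-octet length


def build_export(salt: bytes, iv: bytes, encrypted: bytes) -> str:
    """Constructed key block: fixed public material, caller-supplied S2K salt, IV and ciphertext."""
    pub = b"\x04" + struct.pack(">I", 1700000000) + b"\x01" + mpi(DUMMY_N) + mpi(b"\x01\x00\x01")
    secret = bytes([254, 9, 3, 8]) + salt + b"\x60" + iv + encrypted   # usage 254, AES-256, S2K type 3, SHA-256
    uid = b"Example User <example@example.invalid>"
    return armor(old_header(5, len(pub + secret)) + pub + secret + old_header(13, len(uid)) + uid)


def demo() -> dict:
    yesterday = build_export(b"\x11" * 8, b"\x22" * 16, b"\x33" * 40)   # constructed values
    today = build_export(b"\x44" * 8, b"\x55" * 16, b"\x66" * 40)       # fresh salt/IV, same key
    return compare_exports(yesterday, today)


if __name__ == "__main__":
    for field, same in demo().items():
        print(f"{field:22} {'same' if same else 'DIFFERENT'}")
```

On real exports, the quickest equivalent check is gpg --list-packets on each file: the public-key, user-ID and signature packets should decode identically, and only the secret-key packets' "protect" fields (salt, IV) and encrypted data should change.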