3

So I'm just trying to sign my LibreOffice documents digitally. I have generated my GPG key in a Debian WSL terminal using the gpg command line. Yet when I access my LibreOffice documents, File → Digital Signatures → Digital Signatures → Sign Documents, the key generated isn't available (none is shown).

I also tried to import the key from the WSL to Windows with Kleopatra but when I click on Import… and try to import the trustdb.gpg file located in /home/UserName/.gnupg/, it doesn't import anything at all (imported : 0).

Maybe there is something I misunderstood. I'd like to know if it's possible to import a GPG key from WSL to be used in Windows directly or to use it directly from the WSL, it doesn't really matter.

Nicryc
  • 675
  • 1
  • 10
  • 21
  • 2
    trustdb doesn't contain keys, only metadata _about_ (some) keys. GPG keeps _other_ people's keys in pubring, but you can't sign using other people's keys because you are you and not someone else. Older versions of GPG kept your _own_ ('secret' or 'private' keys) in secring, but depending on what distro and other packages you are using usually they are now stored in a form that cannot be directly imported. Instead **first export them using `gpg [--armor] --export-secret-keys [ids...]`** to create an export file, and then import _that_. – dave_thompson_085 Dec 29 '20 at 00:37
  • So it really was something I misunderstood… Thank you, it worked. I'll make an answer and mark it solved. – Nicryc Dec 29 '20 at 18:35

2 Answers2

2

Thanks to dave_thompson_085 comment, I exported my key [private.pgp] from WSL, imported it into Kleopatra, and I was able to sign my LibreOffice documents:

gpg --output private.pgp --export-secret-key user.name@email.com
JW0914
  • 7,052
  • 7
  • 27
  • 48
Nicryc
  • 675
  • 1
  • 10
  • 21
1

I have a quite hacky solution (but it works), if you're on WSL1 and have Gpg4Win installed (given you've already got Kleopatra): leverage symbolic links.

In WSL, run ln -s /mnt/c/Users/(You)/.gnupg ~/.gnupg.

Then create or import keys to your WSL environment as you would normally do.

Therefore WSL should share the same GPG profile as in your Windows environment.

Melonee
  • 21
  • 1
  • This is not a good idea due to how ACLs are processed between Windows and WSL - just as with SSH keys, GPG keys must remain private and they will not be when linked across the two OS architectures _(e.g. WSL uses UGO, Windows uses ACLs and neither are compatible with the other)_, which creates a security risk when dealing with private keys. The correct way to do what you're suggesting would be to copy the WSL `~/.gnupg` directory to `%UserProfile%` – JW0914 Dec 29 '20 at 14:12