diff --git a/dots/bin/deployGnupgKeys.sh b/dots/bin/deployGnupgKeys.sh
new file mode 100644
index 0000000..7d3e954
--- /dev/null
+++ b/dots/bin/deployGnupgKeys.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+# klevstul :: 24.06
+
+this_file_name=`basename "$0"`
+echo "$this_file_name"
+
+# location of ssh keys
+syncdir_env_var=SYNCDIR_${HOSTNAME}
+src_gnupg_dir=${!syncdir_env_var}/secrets/.gnupg
+trg_gnupg_dir=~/.gnupg
+
+echo "\$SYNCDIR_${HOSTNAME}=${!syncdir_env_var}"
+echo "src_gnupg_dir: ${src_gnupg_dir}"
+
+if ! [[ -d ${src_gnupg_dir} ]]; then
+ echo "error: non-existing directory '${src_gnupg_dir}'" >&2; exit 1
+fi
+
+if ! [[ -d "$trg_gnupg_dir" ]]; then
+ echo "creating non-existing target dir '${trg_gnupg_dir}'."
+ mkdir -p ${trg_gnupg_dir}
+fi
+
+the_file=trustdb.gpg
+if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then
+ echo "deploy ${the_file}"
+ cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir}
+else
+ echo "${the_file} already exist in ${trg_gnupg_dir}"
+fi
+
+the_file=pubring.kbx
+if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then
+ echo "deploy ${the_file}"
+ cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir}
+else
+ echo "${the_file} already exist in ${trg_gnupg_dir}"
+fi
+
+the_directory=openpgp-revocs.d
+if ! [[ -d ${trg_gnupg_dir}/${the_directory} ]]; then
+ echo "deploy ${the_directory}"
+ cp -r ${src_gnupg_dir}/${the_directory} ${trg_gnupg_dir}
+else
+ echo "${the_directory} already exist in ${trg_gnupg_dir}"
+fi
+
+the_file=private-keys-v1.d.7z.gpg
+if ! [[ -d ${trg_gnupg_dir}/private-keys-v1.d ]]; then
+ echo "deploy private-keys-v1.d"
+ cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir}
+else
+ echo "private-keys-v1.d already exist in ${trg_gnupg_dir}"
+fi
+
+echo "do you want to unpack and decrypt ${the_file}? (y/n)"
+read user_input
+
+if [[ ${user_input} == "y" ]]; then
+ echo "yes"
+ echo "please, remember the hint: poq.l2"
+ gpg -d ${trg_gnupg_dir}/id_rsa.gpg > ${trg_gnupg_dir}/id_rsa
+ #chmod 0600 ${trg_gnupg_dir}/id_rsa # id_rsa can not be accessible by other users
+else
+ echo "no worries. 
you can manually unpack and decrypt the file, if needed:"
+ echo "gpg -d private-keys-v1.d.7z.gpg > private-keys-v1.d.7z"
+ echo "7za x private-keys-v1.d.7z"
+fi
+
+echo "${trg_gnupg_dir}:"
+ls -al ${trg_gnupg_dir}
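Review bot: The `y` branch decrypts `${trg_gnupg_dir}/id_rsa.gpg`, a file this script never copies, so the prompt about `private-keys-v1.d.7z.gpg` is never honoured and the redirect leaves an empty `id_rsa` in `~/.gnupg`; judging by the `# location of ssh keys` comment, the branch looks carried over from an ssh-key variant of the script. It should decrypt `${the_file}` and extract the archive under a restrictive umask, as sketched below. The `mkdir -p` earlier in the hunk should be followed by `chmod 700 "${trg_gnupg_dir}"` so a freshly created directory does not get the default mode. The line `echo "please, remember the hint: poq.l2"` commits what appears to be a passphrase hint for the private-key archive and is better kept out of the script. Expansions such as `${src_gnupg_dir}/${the_file}` are unquoted throughout and no `cp` result is checked, so a failed copy is still reported as a deploy.

```shell
if [[ ${user_input} == "y" ]]; then
    archive="${trg_gnupg_dir}/private-keys-v1.d.7z"
    # subshell keeps the owner-only umask local to the decrypt/unpack step
    (
        umask 077
        gpg --output "${archive}" --decrypt "${trg_gnupg_dir}/${the_file}" \
            && 7za x -o"${trg_gnupg_dir}" "${archive}"
    ) || { echo "error: could not decrypt/unpack ${the_file}" >&2; exit 1; }
    # the decrypted archive is only an intermediate; do not leave it on disk
    rm -f -- "${archive}"
else
    # … unchanged: manual gpg / 7za instructions …
```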