Looks like the best workaround for the problem I reported yesterday is to:
1) create a new keychain,
2) move all keys _other_ than the thawte ones into this new keychain
3) copy the existing keychain to the new machine
4) use the "File>Add Keychain" operation to add the new keychain.

Note that step two can be REALLY tedious, as you'll have to type your password once per key (depends on your settings, of course).

My personal suspicion as to why the public key can't be moved is that it and the private key were both created with the same name. Pure speculation on my part, of course.

Actually, making sure that someone can't move your certificate to another computer and start signing messages with your cert is the whole point of the system... if it's not a pain in the ass, it's not good security.

If you manage to enable two machines to read the same set of encrypted e-mails using the same set of keys, consider yourself "L337" ... and hope that someone doesn't take a shot at copying your certs to THEIR computer and start digging through your mail.