Ping a Specific Port

Question

jldupont

Asked: 2009-11-19 12:46:24 +0800 CST2009-11-19 12:46:24 +0800 CST 2009-11-19 12:46:24 +0800 CST

How to backup GPG?

772

What are the critical files I need to backup from GPG? I guess my private key would qualify of course, but what else?

6 Answers

Voted

hultqvist · Answer 1 · 2009-11-19T14:17:06+08:00

Best Answer

hultqvist

2009-11-19T14:17:06+08:002009-11-19T14:17:06+08:00

The most critical are your secret/private keys:

gpg --export-secret-keys > secret-backup.gpg

secret-backup.gpg is then the file to keep safe.

Otherwise the ~/.gnupg/ directory contain all private and public keys(secring.gpg and pubring.gpg respectively) as well as configuration and trustdb which could be convenient to have stored.

47

serghei · Answer 2 · 2020-11-03T06:59:37+08:00

serghei

2020-11-03T06:59:37+08:002020-11-03T06:59:37+08:00

There is nothing special. Let's assume [email protected] is your ID.:

Export keys and ownertrust:

gpg --export --armor [email protected] > [email protected]
gpg --export-secret-keys --armor [email protected] > [email protected]
gpg --export-secret-subkeys --armor [email protected] > [email protected]_priv.asc
gpg --export-ownertrust > ownertrust.txt

Import keys and ownertrust:

gpg --import [email protected]
gpg --import [email protected]
gpg --import [email protected]_priv.asc
gpg --import-ownertrust ownertrust.txt

Ultimately trust the imported key:

gpg --edit-key [email protected]
gpg> trust
Your decision? 5 (Ultimate trust)

15

user1686 · Answer 3 · 2009-11-19T13:42:16+08:00

user1686

2009-11-19T13:42:16+08:002009-11-19T13:42:16+08:00

The easiest way would be to grab the entire GnuPG directory - usually ~/.gnupg/, it contains all private keys you have, as well as the public keyring and other useful data (trustdb, etc.)

13

Firmin Martin · Answer 4 · 2021-01-06T12:13:33+08:00

In addition to @serghei's answer, check the documentation of gnupg. It says that you should backup:

~/.gnupg/gpg.conf (standard configuration file)
~/.gnupg/pubring.gpg (legacy public keyring)
~/.gnupg/pubring.kbx (new public keyring using keybox format)
~/.gnupg/openpgp-revocs.d/ (revocation certificates)

It suggests also to backup the ownertrust

gpg --export-ownertrust > otrust.txt

Of course, you should backup your secret keys as well. If I understand correctly, the quickest way would be using tar to backup the whole ~/.gnupg except revocation certificates ~/.gnupg/openpgp-revocs.d/. You may consider to print revocation certificates as a QR code (qrencode) or instead, print out secret keys with the utility paperkey (see reference). Remember that if you keep your private keys and revocation certificates in one device, an attacker can revoke your public key and issue a new one claiming to be you.

Reference: An Advanced Introduction to GnuPG, Neal H. Walfiel section 6.3.8 (creating a backup).

PEra · Answer 5 · 2009-11-19T13:13:19+08:00

PEra

2009-11-19T13:13:19+08:002009-11-19T13:13:19+08:00

You definitely want to backup your private key and the revocation file you created.

2

Broam · Answer 6 · 2009-11-19T12:56:44+08:00

Broam

2009-11-19T12:56:44+08:002009-11-19T12:56:44+08:00

You may also want to back up any keys you've signed or ones you don't feel like re-downloading off the key servers.

At a minimum, all you need is your complete key.

0

How to backup GPG?

Ping a Specific Port

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What's the command-line utility in Windows to do a reverse DNS look-up?

How to check if a port is blocked on a Windows machine?

What port should I open to allow remote desktop?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?