My gpg backup process so far is:
$ gpg --export-ownertrust > PATH/TO/BACKUP/ownertrust.txt
$ cp -u ~/.gpgrc PATH/TO/BACKUP/
$ cp -u ~/.gnupg/gpg.conf ~/.gnupg/gpg-agent.conf PATH/TO/BACKUP/
$ gpg --export-secret-keys --armor
Copy and paste/print/save output to your choice of secure place (ideally offline and offsite)
My gpg restore process so far is:
$ gpg --list-keys # make sure gpg is installed and initiated (install if necessary)
$ rm ~/.gnupg/trustdb.gpg
Copy private key to temporary file if not in file format
$ gpg --import TEMPFILE.asc # substitute TEMPFILE with your sig/asc filename
$ gpg --import-ownertrust PATH/TO/BACKUP/ownertrust.txt
This gets me up and running again, but none of the 3rd party (e.g. skype, ubuntu, archlinux, etc...) public keys or signatures that I had before are restored.
How do I modify my backup and restore processes to capture these 3rd party keys and signatures?
That is because you only exported your own keys (--export-secret-keys). To export all public keys you must use the --export command.
Add --export (to export your public keyring and exportable signatures) with the option --export-options backup (to include all local signatures) to your gpg export process:
Then add the following to your gpg restore process:
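
Added example, not part of the original answer: one way to script the backup and restore so that the whole public keyring is exported with --export --export-options backup and read back with the matching --import-options restore. The function names, file names and the SHA256SUMS manifest are assumptions of this sketch, and sha256sum from GNU coreutils is assumed to be installed.

```sh
#!/bin/sh
# Added example (not from the original post). Function names, file names and
# the SHA256SUMS manifest are assumptions made for this sketch.

# gpg_backup DIR: export public keyring, secret keys and ownertrust into DIR.
gpg_backup() {
    dir=$1
    ( umask 077    # the directory will hold secret key material
      mkdir -p "$dir" && cd "$dir" || exit 1
      # Whole public keyring, third-party keys and local signatures included.
      gpg --yes --export --export-options backup --output public-keys.gpg || exit 1
      # Secret keys, ASCII-armored as in the question's process.
      gpg --yes --export-secret-keys --armor --output secret-keys.asc || exit 1
      gpg --export-ownertrust > ownertrust.txt || exit 1
      # Manifest so a restore can detect a truncated or corrupted backup.
      sha256sum public-keys.gpg secret-keys.asc ownertrust.txt > SHA256SUMS
    )
}

# gpg_restore DIR: check the manifest first, then import everything from DIR.
gpg_restore() {
    dir=$1
    ( cd "$dir" || exit 1
      sha256sum -c SHA256SUMS >/dev/null || {
          echo "backup failed integrity check, nothing imported" >&2
          exit 1
      }
      # 'restore' keeps the GnuPG-specific data that a plain import skips.
      gpg --import --import-options restore public-keys.gpg || exit 1
      gpg --import secret-keys.asc || exit 1
      gpg --import-ownertrust ownertrust.txt
    )
}
```

The manifest lives beside the files it describes, so it catches accidental damage only; keep a copy of it elsewhere if the backup medium itself is not trusted.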