backup strategy for keyrings
linux at codehelp.co.uk
Sun Feb 29 20:14:12 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 29 February 2004 4:08 pm, Hasnain Mujtaba wrote:
> Hi all,
> How does GPG backup its keyrings? Are the keyrings backed up before a key
That's left to you. Your public keys don't really need to be backed up - all
you need is the list of keyID's and a keyserver. Maybe stick them in a
database or just a simple text file. You should, obviously, have a secure
backup of your secret key AND a secure revocation certificate. Beyond that,
it's nice to have a backup of your trustdb and gpg.conf to save time.
To get a list of all keyids in your local public keyring:
$ gpg --list-keys | grep "^pub" | cut -d"/" -f2 | cut -d" " -f1 > keylist.txt
One per line.
> is added or deleted? If somehow a keyring gets corrupted, what can we do to
> recover our keys?
If you cannot recover using gpg commands, delete the keyring and reimport the
In one way, your local public keyring is just there to save going to the
keyserver all the time - your keys can do with being refreshed regularly,
otherwise you can miss out on a local key being revoked - potentially
catastrophic if you've sent an encrypted message between revocation and
refreshing. GnuPG cannot warn you about a revoked key if the local copy has
not been refreshed.
I use a cron script to purge untrusted keys and refresh all other keys. The
purge section was created from contributions on this list.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
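
Added example, not part of the original message: one way to script the backup and re-import described above, using gpg's machine-readable `--with-colons` listing rather than the grep/cut pipeline so the parsing does not depend on the human-readable layout. It goes slightly beyond the post by also reporting keys marked revoked or expired after a restore. The file names, the keyserver URL and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a gpg that supports
# --with-colons; file names and the keyserver URL are placeholders.

# Print the key ID (field 5) of every "pub" record read from stdin.
keyids_from_colons() {
    awk -F: '$1 == "pub" { print $5 }'
}

# Print "KEYID FLAG" for public keys whose validity (field 2) is
# r (revoked) or e (expired), so they can be reviewed after a refresh.
unusable_from_colons() {
    awk -F: '$1 == "pub" && ($2 == "r" || $2 == "e") { print $5, $2 }'
}

# Constructed sample of colon-format output, for trying the parsers offline.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:AAAA000000000001:1077999999:::u:::scESC:
uid:u::::1077999999::0000::Alice (constructed) <alice@example.org>:
sub:u:2048:1:AAAA0000000000A1:1077999999::::::e:
pub:r:1024:17:BBBB000000000002:1000000000:::-:::sc:
pub:e:1024:17:CCCC000000000003:1000000000:1050000000::-:::sc:
EOF
}

# Write the key ID list, owner trust and gpg.conf to a private directory.
# The secret key and revocation certificate are backed up separately.
# The body runs in a subshell so the umask change stays local.
backup_keyring() (
    dest=$1
    umask 077
    mkdir -p "$dest" || exit 1
    gpg --list-keys --with-colons | keyids_from_colons > "$dest/keylist.txt"
    gpg --export-ownertrust > "$dest/ownertrust.txt"
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg.conf"
    if [ -f "$conf" ]; then cp "$conf" "$dest/"; fi
)

# Rebuild the public keyring from the saved list, then report bad keys.
restore_keyring() {
    src=$1
    keyserver=${2:-hkps://keyserver.example}   # placeholder, not a real server
    # Word splitting on the key ID list is intended here.
    gpg --keyserver "$keyserver" --recv-keys $(cat "$src/keylist.txt")
    gpg --import-ownertrust < "$src/ownertrust.txt"
    gpg --list-keys --with-colons | unusable_from_colons
}
```

`sample_listing | unusable_from_colons` shows the parser output without touching a real keyring.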