backup strategy for keyrings

Neil Williams linux at codehelp.co.uk
Sun Feb 29 20:14:12 CET 2004


On Sunday 29 February 2004 4:08 pm, Hasnain Mujtaba wrote:
> Hi all,
>
> How does GPG backup its keyrings? Are the keyrings backed up before a key

That's left to you. Your public keys don't really need to be backed up - all 
you need is the list of keyIDs and a keyserver. Maybe stick them in a 
database or just a simple text file. You should, obviously, have a secure 
backup of your secret key AND a secure revocation certificate. Beyond that, 
it's nice to have a backup of your trustdb and gpg.conf to save time.

To get a list of all keyids in your local public keyring:
$ gpg --list-keys | grep "^pub" | cut -d"/" -f2 | cut -d" " -f1 > keylist.txt
One per line.

> is added or deleted? If somehow a keyring get corrupted, what can we do to
> recover our keys?

If you cannot recover using gpg commands, delete the keyring and reimport the 
keys.

In one way, your local public keyring is just there to save going to the 
keyserver all the time - your keys can do with being refreshed regularly, 
otherwise you can miss out on a local key being revoked - potentially 
catastrophic if you've sent an encrypted message between revocation and 
refreshing. GnuPG cannot warn you about a revoked key if the local copy has 
not been refreshed.

I use a cron script to purge untrusted keys and refresh all other keys. The 
purge section was created from contributions on this list.

-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
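As an added example (not from the post or from GnuPG itself), a small POSIX shell helper that follows the advice above: it records key IDs instead of the public keys, copies trustdb.gpg and gpg.conf, and leaves the secret key and revocation certificate to a deliberate interactive export. It parses GnuPG's `--with-colons` listing rather than the human-readable one, which is more stable than cutting on "/" and spaces; the key listing sample and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: keyring backup helper following the thread's advice.
# Assumes `gpg --list-keys --with-colons` output (field 1 = record type,
# field 5 = key ID). Secret key and revocation certificate exports are NOT
# done here: they need the passphrase and a secure, separate destination.
set -eu

# Print one key ID per line from a colon-format key listing on stdin.
keyids_from_colons() {
    awk -F: '$1 == "pub" { print $5 }'
}

# Copy the cheap-to-restore state (trustdb, config) from the GnuPG home in $1
# into $2, and write keylist.txt there from $3, a file holding the output of
# `gpg --list-keys --with-colons`. Prints the number of key IDs saved.
backup_gnupg_home() {
    home="$1"; dest="$2"; listing="$3"
    mkdir -p "$dest"
    chmod 700 "$dest"            # trustdb reveals who you trust; keep it private
    for f in trustdb.gpg gpg.conf; do
        if [ -f "$home/$f" ]; then
            cp -p "$home/$f" "$dest/$f"
        fi
    done
    keyids_from_colons < "$listing" > "$dest/keylist.txt"
    wc -l < "$dest/keylist.txt" | tr -d ' '
}

# Rebuild a public keyring from a saved key list (needs gpg and a keyserver;
# configure the keyserver in gpg.conf). Refresh afterwards so revocations that
# happened since the backup are seen.
restore_from_keylist() {
    xargs gpg --recv-keys < "$1"
    gpg --refresh-keys
}

# Constructed sample of `gpg --list-keys --with-colons` output (fake key IDs).
SAMPLE_LISTING='tru::1:1078088052:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:2004-02-29::u:::scESC:
uid:u::::2004-02-29::0123456789ABCDEF0123456789ABCDEF::Example User <user@example.org>:
sub:u:2048:16:FEDCBA9876543210:2004-02-29::::e:
pub:f:1024:17:0011223344556677:2003-01-01::f:::scESC:
uid:f::::2003-01-01::0011223344556677001122334455667700::Other User <other@example.org>:'
```

In real use replace the sample with `gpg --list-keys --with-colons > listing.txt` and pass `~/.gnupg` as the home; the secret key and revocation certificate still need their own `gpg --export-secret-keys` / `gpg --gen-revoke` step onto secure media.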
