import trustdb.gpg or start from scratch?

Johannes Gerer kuerzn at
Wed Nov 14 11:34:53 CET 2012

How do I decrypt my backup in case of a disaster, if the secret key is in
the encrypted backup?
Am 14.11.2012 11:08 schrieb "Werner Koch" <wk at>:

> On Wed, 14 Nov 2012 00:27, rjh at said:
> > Including random_seed?  I've always been under the impression that's a
> > big no-no.
> Well, it is a backup and assumed to be used after a loss of data and not
> to replicate the data to several sites.
> random_seed is a cache file to speed up things.  It is never used
> directly.  For key generation we make sure that at least 300 fresh
> random bytes are mixed into the 600 bytes of the random pool (the state
> on which the RNG works).
> For session keys, we work on a random pool which has been initialized
> from the random_seed file.  But we also mix some other state into it
> (from the fast entropy gatherer).  Without a random_seed file, every use
> of session keys (i.e. a plain public key encryption) would require a lot
> of time to get entropy from the slow gatherer (usually /dev/random).
> That just takes too long and wastes precious entropy.
> Thus I consider it better to backup everything than to forget an
> important file.  Backup's are always encrypted - aren't they?
> Shalom-Salam,
>    Werner
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20121114/67961e47/attachment.htm>

More information about the Gnupg-users mailing list