What is a reliable way to backup/restore my keys and test?
Robert J. Hansen
rjh at sixdemonbag.org
Wed Sep 14 21:01:47 CEST 2016
> I am relatively new to GNUPG so my apologies in advance if this question
Welcome! And your question is not trivial.
The following is the procedure I use on UNIX systems:
First, export all public certificates into a public keyring:
$ gpg --armor --export > pub.asc
Second, export all secret certificates into a secret keyring:
$ gpg --armor --export-secret-keys > priv.asc
Third, export ownertrust values and save those:
$ gpg --armor --export-ownertrust > trust.asc
Fourth, copy all the *.conf files in ~/.gnupg into your current directory:
$ cp ~/.gnupg/*.conf .
Fifth, put these, and all your GnuPG .conf files, all into a single
$ tar cJf gpg-backup.txz pub.asc priv.asc trust.asc *.conf
Copy gpg-backup.txz to the new machine. Once you've done that, uncompress
it on the new machine:
$ tar xJf gpg-backup.txz
Import your secret certificates:
$ gpg --import < priv.asc
Import your public certificates:
$ gpg --import < pub.asc
Import your ownertrust values:
$ gpg --import-ownertrust < trust.asc
Make sure your ~/.gnupg directory exists. If it doesn't, run gpg with no
arguments and hit Ctrl-C to break out of it.
Copy your .conf files into ~/.gnupg:
$ cp *.conf ~/.gnupg
... And at that point you should be done. This technique should work
regardless of whether you're migrating from 1.4 to 2.0, 1.4 to 2.1, 2.0 to
1.4, 2.0 to 2.1, 2.1 to 2.0, or 2.1 to 1.4. No matter which you're doing,
> I've just copied my .gnupg directory to a usb key as a backup measure,
> I found as a method (more or less) on
It's a good idea to not copy the random_seed file. PRNG states should not
be shared between computers.
> How can I make sure my private key and trust assignments were copied
Follow the above process and they will be. Your private certificates were
exported, as were the trust assignments.
> Once I have completed my OS upgrade how do I restore my keys and the
> trust levels assigned to them?
See the above process.
> I use Thunderbird/Enigmail which is using gpg2 but I originally created my
> pair using gpg 1.4. Does this have any ramifications?
More information about the Gnupg-users