What is a reliable way to backup/restore my keys and test?

Duane Whitty duane at nofroth.com
Thu Sep 15 16:11:01 CEST 2016



On 16-09-14 04:01 PM, Robert J. Hansen wrote:
>> I am relatively new to GNUPG so my apologies in advance if this
>> question is trivial.
> 
> Welcome!  And your question is not trivial.
> 
> The following is the procedure I use on UNIX systems:
> 
> First, export all public certificates into a public keyring:
> 
> $ gpg --armor --export > pub.asc
> 
> Second, export all secret certificates into a secret keyring:
> 
> $ gpg --armor --export-secret-keys > priv.asc
> 
> Third, export ownertrust values and save those:
> 
> $ gpg --armor --export-ownertrust > trust.asc
> 
> Fourth, copy all the *.conf files in ~/.gnupg into your current
> directory:
> 
> $ cp ~/.gnupg/*.conf .
> 
> Fifth, put these, and all your GnuPG .conf files, all into a
> single archive:
> 
> $ tar cJf gpg-backup.txz pub.asc priv.asc trust.asc *.conf
> 
> Copy gpg-backup.txz to the new machine.  Once you've done that,
> uncompress it on the new machine:
> 
> $ tar xJf gpg-backup.txz
> 
> Import your secret certificates:
> 
> $ gpg --import < priv.asc
> 
> Import your public certificates:
> 
> $ gpg --import < pub.asc
> 
> Import your ownertrust values:
> 
> $ gpg --import-ownertrust < trust.asc
> 
> Make sure your ~/.gnupg directory exists.  If it doesn't, run gpg
> with no arguments and hit Ctrl-C to break out of it.
> 
> $ gpg
> 
> Copy your .conf files into ~/.gnupg:
> 
> $ cp *.conf ~/.gnupg
> 
> ... And at that point you should be done.  This technique should
> work regardless of whether you're migrating from 1.4 to 2.0, 1.4 to
> 2.1, 2.0 to 1.4, 2.0 to 2.1, 2.1 to 2.0, or 2.1 to 1.4.  No matter
> which you're doing, you're covered.
> 
>> I've just copied my .gnupg directory to a usb key as a backup
>> measure, which I found as a method (more or less) on
>> http://www.glump.net/content/gpg_intro/.
> 
> It's a good idea to not copy the random_seed file.  PRNG states
> should not be shared between computers.
> 
>> How can I make sure my private key and trust assignments were
>> copied properly?
> 
> Follow the above process and they will be.  Your private
> certificates were exported, as were the trust assignments.
> 
>> Once I have completed my OS upgrade how do I restore my keys and
>> the trust levels assigned to them?
> 
> See the above process.
> 
>> I use Thunderbird/Enigmail which is using gpg2 but I originally
>> created my key pair using gpg 1.4.  Does this have any ramifications?
> 
> None.
> 
> 

Thanks for the detailed walk-through, Robert.  Much appreciated!

Best Regards,
Duane

-- 
Duane Whitty
duane at nofroth.com
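
A restore test for the backup procedure quoted above, added here as an example and not part of either poster's message: it unpacks gpg-backup.txz into a scratch GnuPG home, imports in the same order as the walk-through, and diffs primary-key fingerprints and ownertrust against the live keyring. The function names and scratch-directory layout are assumptions of this example, and it assumes it runs on the machine that made the backup, with gpg and an xz-capable tar on PATH.

```shell
#!/bin/sh
# Added example, not from the thread: restore gpg-backup.txz into a scratch
# GnuPG home and compare it with the live keyring. Call: verify_backup FILE

# Sorted primary-key fingerprints from `gpg --with-colons` output on stdin.
# The first "fpr" record after a "sec"/"pub" record holds it in field 10.
fingerprints() {
    awk -F: '$1 == "sec" || $1 == "pub" { want = 1; next }
             $1 == "ssb" || $1 == "sub" { want = 0; next }
             $1 == "fpr" && want        { print $10; want = 0 }' | sort
}

# Ownertrust records without the dated "#" header comments, sorted.
trust_values() { grep -v '^#' | sort; }

# Write the three views of the current keyring to <prefix>.sec/.pub/.trust.
snapshot() {
    gpg --batch --with-colons --fingerprint --list-secret-keys | fingerprints > "$1.sec"
    gpg --batch --with-colons --fingerprint --list-keys | fingerprints > "$1.pub"
    gpg --batch --export-ownertrust | trust_values > "$1.trust"
}

# Runs in a subshell so GNUPGHOME and the cleanup trap stay local to it.
verify_backup() (
    work=$(mktemp -d) || exit 2
    # Stop only the scratch home's agent, then delete the restored secret keys.
    trap 'GNUPGHOME=$work/home gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
    mkdir -m 700 "$work/home" "$work/in" || exit 2
    tar xJf "$1" -C "$work/in" pub.asc priv.asc trust.asc || exit 2

    snapshot "$work/live"               # the keyring in use right now
    export GNUPGHOME="$work/home"       # everything below uses the scratch home
    gpg --batch --quiet --import < "$work/in/priv.asc" || exit 2
    gpg --batch --quiet --import < "$work/in/pub.asc" || exit 2
    gpg --batch --quiet --import-ownertrust < "$work/in/trust.asc" || exit 2
    snapshot "$work/restored"

    status=0                            # 0 = identical, 1 = backup differs
    for view in sec pub trust; do
        diff "$work/live.$view" "$work/restored.$view" || status=1
    done
    exit "$status"
)
```

Exit status 0 means the archive restores to the same secret keys, public keys and trust values as the live keyring; any `diff` output names a fingerprint or trust record present on only one side, which also shows up when the backup is older than the keyring.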


