A Quick Question

Daniel Villarreal youcanlinux at gmail.com
Fri Jul 14 16:01:57 CEST 2017

Hash: SHA256

On 07/14/17 04:59, david at gbenet.com wrote:
> Hi All,
> I want to back up and move all the keys I have - without moving
> the whole directory - I have gpa kgpg and Kleopatra but none of
> these as far as I can see back up all your keys.

- -- begin quote --
- -------- Forwarded Message --------
Subject: RE: What is a reliable way to backup/restore my keys and test?
Date: Wed, 14 Sep 2016 15:01:47 -0400
From: Robert J. Hansen <rjh at sixdemonbag.org>
To: 'Duane Whitty' <duane at nofroth.com>, gnupg-users at gnupg.org

> I am relatively new to GNUPG so my apologies in advance if this >
question is trivial.

Welcome!  And your question is not trivial.

The following is the procedure I use on UNIX systems:

First, export all public certificates into a public keyring:

	$ gpg --armor --export > pub.asc

Second, export all secret certificates into a secret keyring:

	$ gpg --armor --export-secret-keys > priv.asc

Third, export ownertrust values and save those:

	$ gpg --armor --export-ownertrust > trust.asc

Fourth, copy all the *.conf files in ~/.gnupg into your current director

	$ cp ~/.gnupg/*.conf .

Fifth,  put these, and all your GnuPG .conf files, all into a single

	$ tar cJf gpg-backup.txz pub.asc priv.asc trust.asc *.conf

Copy gpg-backup.txz to the new machine.  Once you've done that,
uncompress it on the new machine:

	$ tar xJf gpg-backup.txz

Import your secret certificates:

	$ gpg --import < priv.asc

Import your public certificates:

	$ gpg --import < pub.asc

Import your ownertrust values:

	$ gpg --import-ownertrust < trust.asc

Make sure your ~/.gnupg directory exists.  If it doesn't, run gpg with
no arguments and hit Ctrl-C to break out of it.

	$ gpg

Copy your .conf files into ~/.gnupg:

	$ cp *.conf ~/.gnupg

... And at that point you should be done.  This technique should work
regardless of whether you're migrating from 1.4 to 2.0, 1.4 to 2.1,
2.0 to 1.4, 2.0 to 2.1, 2.1 to 2.0, or 2.1 to 1.4.  No matter which
you're doing, you're covered.

> I've just copied my .gnupg directory to a usb key as a backup 
> measure, which I found as a method (more or less) on 
> http://www.glump.net/content/gpg_intro/.

It's a good idea to not copy the random_seed file.  PRNG states should
not be shared between computers.

> How can I make sure my private key and trust assignments were 
> copied properly?

Follow the above process and they will be.  Your private certificates
were exported, as were the trust assignments.

> Once I have completed my OS upgrade how do I restore my keys and 
> the trust levels assigned to them?

See the above process.

> I use Thunderbird/Enigmail which is using gpg2 but I originally 
> created my key pair using gpg 1.4.  Does this have any 
> ramifications?


- --end quote--

- -- 
Daniel Villarreal
youcanlinux at gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03  3F5B F251 8938 A83E 7B49


More information about the Gnupg-users mailing list