Backup of Keys
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sun May 24 14:52:21 CEST 2020
On Sat, May 23, 2020 at 09:35:54PM -0700, Mark wrote:
>I'm sure this is a pretty stupid question
No, it’s not.
>I'm trying to figure out which files I need to backup to safeguard my
>keys.
I’m assuming you are using GnuPG 2.2 on Windows here (based on your
User-Agent).
Everything that needs to be saved is in GnuPG’s home directory, which on
Windows should be `C:\Documents and Settings\<username>\Application
Data\gnupg`. In that folder you should save:
* the private keys (in the `private-keys-v1.d` subfolder);
* the public keys (the `pubring.kbx` file);
* the trust data (the `trustdb.gpg` file, plus the `tofu.db` file if you
are using the TOFU trust model);
* any configuration file (`*.conf`);
* if you are using GpgSM, the `policies.txt` and `trustlist.txt` files.
For the private and public keys however, instead of saving the files
directly I’d recommend exporting them from GnuPG:
% gpg -o private-keys.gpg --export-secret-keys
% gpg -o public-keys.gpg --export
The rationale for doing so is that the exported files are in the
standard OpenPGP format, from which you can re-import them without
worrying about changes from one GnuPG version to another. To restore:
% gpg --import private-keys.gpg
% gpg --import public-keys.gpg
(You can also do that with a graphical interface, of course.)
Of note, there is also a much simpler option which could replace
everything above: use the Sherpa tool [1], which does exactly what you
need. It backs up a complete GnuPG profile into an archive and later
allows you to restore it. Do mind the warning about Sherpa not being
“ready for regular users”, though. For what it’s worth, I’ve used it a
few times and never had any issues with it.
Hope that helps,
- Damien
[1] https://github.com/rjhansen/sherpa
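
An added example, not part of the message above and not GnuPG's or Sherpa's own code: a POSIX shell sketch of the backup described in the message, copying the non-key files from the list and exporting the keys in OpenPGP format. The function names, the backup directory layout and the restrictive umask are assumptions of this example; the GnuPG home directory is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the original message). Function names and the
# backup layout are assumptions of this example.
# Usage: sh gnupg-backup.sh <gnupg-homedir> <backup-dir>

# Copy the non-key files from the message's list (trust data, configuration,
# GpgSM files) from homedir $1 to backup dir $2. Files that do not exist,
# e.g. tofu.db when the TOFU trust model is unused, are skipped.
copy_profile_files() {
    src=$1 dest=$2
    (umask 077; mkdir -p "$dest") || return 1
    for f in "$src"/trustdb.gpg "$src"/tofu.db "$src"/*.conf \
             "$src"/policies.txt "$src"/trustlist.txt; do
        [ -f "$f" ] || continue    # also skips an unmatched *.conf glob
        cp -p "$f" "$dest"/ || return 1
    done
    return 0
}

# Export the keys in standard OpenPGP format instead of copying
# private-keys-v1.d and pubring.kbx, as the message recommends.
export_keys() {
    src=$1 dest=$2
    (
        umask 077    # keep the exported secret keys unreadable to other users
        gpg --homedir "$src" -o "$dest/private-keys.gpg" --export-secret-keys &&
        gpg --homedir "$src" -o "$dest/public-keys.gpg" --export
    ) || return 1
    # An export that wrote no data is not a usable backup.
    [ -s "$dest/private-keys.gpg" ] && [ -s "$dest/public-keys.gpg" ]
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    copy_profile_files "$1" "$2" && export_keys "$1" "$2"
fi
```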