Backup of Keys

Mark azbigdogs at gmx.com
Sun May 24 19:02:23 CEST 2020


Thanks for all the tips on which files to back up and how to export them
for use in other apps (which is another thing I want to do later). MANY
years ago (mid 90s) I created some PGP keys with the old Norton PGP
program I was beta testing... Unfortunately those private keys are long
lost (several computers ago) and I have no idea where any backups of them
are. I'm learning from my mistake here, so I want to make sure I have backups
of what I need. Yes, I am using GnuPG 2.2 as part of GPG4Win and Enigmail.

I will take a look at whether I have all those files (some don't look
familiar), and also take a look at that Sherpa program.


On 5/24/2020 5:52 AM, Damien Goutte-Gattat wrote:
> On Sat, May 23, 2020 at 09:35:54PM -0700, Mark wrote:
>> I'm sure this is a pretty stupid question
>
> No, it’s not.
>
>
>> I'm trying to figure out which files I need to back up to safeguard my
>> keys.
>
> I’m assuming you are using GnuPG 2.2 on Windows here (based on your
> User-Agent).
>
> Everything that needs to be saved is in GnuPG’s home directory, which
> on Windows should be `C:\Documents and Settings\<username>\Application
> Data\gnupg`. In that folder you should save:
>
> * the private keys (in the `private-keys-v1.d` subfolder);
> * the public keys (the `pubring.kbx` file);
> * the trust data (the `trustdb.gpg` file, plus the `tofu.db` file if
> you are using the TOFU trust model);
> * any configuration file (`*.conf`);
> * if you are using GpgSM, the `policies.txt` and `trustlist.txt` files.
>
> For the private and public keys however, instead of saving the files
> directly I’d recommend exporting them from GnuPG:
>
> % gpg -o private-keys.gpg --export-secret-keys
> % gpg -o public-keys.gpg  --export
>
> The rationale for doing so is that the exported files are in the
> standard OpenPGP format, from which you can re-import them without
> worrying about changes from one GnuPG version to another. To restore:
>
> % gpg --import private-keys.gpg
> % gpg --import public-keys.gpg
>
> (You can also do that with a graphical interface, of course.)
>
> Of note, there is also a much simpler option which could replace
> everything above: use the Sherpa tool [1], which does exactly what you
> need. It backs up a complete GnuPG profile into an archive and later
> allows you to restore it. Do mind the warning about Sherpa not being
> “ready for regular users”, though. For what it’s worth, I’ve used it a
> few times and never had any issues with it.
>
> Hope that helps,
>
> - Damien
>
>
> [1] https://github.com/rjhansen/sherpa
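
An added example (not part of either message in this thread): it runs the two export commands from the reply, then checks the backup by importing it into a throwaway GnuPG home directory and comparing primary-key fingerprints with the live keyring. It assumes `gpg` and `gpgconf` from GnuPG 2.2 are on the PATH; the function names and the script name are illustrative.

```python
import subprocess
import sys
import tempfile
from pathlib import Path

def primary_fingerprints(colons, kind):
    """Primary-key fingerprints of `kind` ("sec" or "pub") in --with-colons output."""
    found, want = set(), False
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] in ("sec", "pub", "ssb", "sub"):
            want = fields[0] == kind          # skip subkey fingerprints
        elif fields[0] == "fpr" and want and len(fields) > 9:
            found.add(fields[9])
            want = False
    return found

def gpg(*args, homedir=None):
    """Run gpg (assumed to be on PATH) and return its stdout as text."""
    cmd = ["gpg"] + (["--homedir", str(homedir)] if homedir else []) + list(args)
    done = subprocess.run(cmd, check=True, stdout=subprocess.PIPE)
    return done.stdout.decode("utf-8", errors="replace")

def list_keys(kind, homedir=None):
    listing = "--list-secret-keys" if kind == "sec" else "--list-keys"
    out = gpg("--batch", "--with-colons", "--fingerprint", listing, homedir=homedir)
    return primary_fingerprints(out, kind)

def backup_and_verify(dest):
    """Export both keyrings to `dest`, then prove the files restore completely."""
    dest.mkdir(parents=True)                  # fails rather than overwrite a backup
    secret, public = dest / "private-keys.gpg", dest / "public-keys.gpg"
    gpg("-o", str(secret), "--export-secret-keys")   # same exports as in the reply
    gpg("-o", str(public), "--export")
    with tempfile.TemporaryDirectory() as scratch:   # throwaway GnuPG home
        try:
            gpg("--batch", "--import", str(public), str(secret), homedir=scratch)
            return (list_keys("sec", scratch) == list_keys("sec")
                    and list_keys("pub", scratch) == list_keys("pub"))
        finally:   # stop the agent gpg started for the scratch home
            subprocess.run(["gpgconf", "--homedir", scratch, "--kill", "gpg-agent"])

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_backup.py <new-backup-directory>")
    ok = backup_and_verify(Path(sys.argv[1]))
    sys.exit(0 if ok else "restored keys do not match the live keyring")
```

gpg may prompt for each key's passphrase during the export. The exported `private-keys.gpg` holds the secret keys, so keep the backup directory offline or on encrypted media.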


