Backup of GPG private keys?
Werner Koch
wk at gnupg.org
Wed Jan 26 16:14:11 CET 2022
On Wed, 26 Jan 2022 08:15, Mogens Jensen said:
> As of GnuPG (LTS) version 2.2.33, what is the recommended way to backup
> your GPG private keys on a Linux system?
For just the private keys you can tar up the private-keys-v1.d
directory, encrypt it with gpg (you might want to use a password (-c)
then). But such a backup has no public keys and they can't be
re-generated from the backup-ed private keys. However, the other data
below ~/.gnupg is not highly sensitive can can be part of the regular
backup.
> 1. Backing up the entire ~./gnupg directory?
That is of course a working option but recall that the data has the
private keys and you should encrypt it.
> 2. Exporting only the keys?
>
> $ gpg --armor --export-secret-keys >gpg-key-backup.asc
That is possible, but, frankly, the OpenPGP format for encrypted private
keys is not as strong as it should be - thus you better add an
additional encryption layer. The actual problem here is that you need
to provide the passphrase for each key.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220126/e1070cc0/attachment-0001.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220126/e1070cc0/attachment-0002.sig>
More information about the Gnupg-users
mailing list