Backup of Keys

Peter Lebbing peter at digitalbrains.com
Sun May 24 18:03:34 CEST 2020


On 24/05/2020 14:52, Damien Goutte-Gattat via Gnupg-users wrote:
> No, it’s not.

Absolutely not ;-)

> For the private and public keys however, instead of saving the files
> directly I’d recommend exporting them from GnuPG:
> 
> % gpg -o private-keys.gpg --export-secret-keys
> % gpg -o public-keys.gpg  --export

Note, however, that the first of these two is interactive in that it
asks for your passphrase(s). This is because it needs to be re-encrypted
because the storage format is different.

So you could do the first one manually every time you add (or remove)
private keys or change a passphrase. Anything else, including changing
key preferences, key expiry, etcetera, is equally reflected in
public-keys.gpg from the second line. 

The second can be done regularly and automatically.

Do back up other stuff from that directory as well. It's important,
non-public data: your ownertrust declarations, TOFU bindings and
history.

You might want to omit the file random_seed. I forgot how important this
is these days. I believe it has gotten less important at some time.

But using Sherpa is probably a good bet.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200524/83b3b57d/attachment.sig>


More information about the Gnupg-users mailing list