Backup of Keys

Robert J. Hansen rjh at sixdemonbag.org
Sun May 24 21:57:17 CEST 2020


> I was thinking along the lines of backing up that entire directory into
> an encrypted 7z file and then just having to remember the password to
> that archive. I know there are other options maybe even some that use
> biometrics to decrypt the database.

Don't.  GnuPG puts things in that directory that are specific to your
particular machine.  Most of these are harmless (lockfiles, etc.) but
some are potentially harmful to share between installations.

For instance, there's one file, "random_seed".  Werner says it's not a
major concern, but I and many others have a flaming heebie-jeebies
reaction to the idea of sharing a random number generator's seed file
between two machines -- copying RNG state information is how *many,
many, many* cryptosystems in history have been broken.

Don't just back up the directory.  Only copy the files that are strictly
necessary for operation.  Sherpa can help you with this.




More information about the Gnupg-users mailing list