https://gist.github.com/Killeroid/6361944d0694e474fb94cc42a3b119d1
Every so often I have to restore my gpg keys and I'm never sure how best to do it. So, I've spent some time playing around with the various ways to export/import (backup/restore) keys.
Method 1
Taken from the Red Hat GPG migration manual
Backup the public and secret keyrings and trust database
## Export all public keys
gpg -a --export >mypubkeys.asc
## Export all encrypted private keys (which will also include corresponding public keys)
gpg -a --export-secret-keys >myprivatekeys.asc
## Export gpg's trustdb to a text file
gpg --export-ownertrust >otrust.txt
Restore the public and secret keyrings and trust database
gpg --import myprivatekeys.asc
gpg --import mypubkeys.asc
gpg -K
gpg -k
gpg --import-ownertrust otrust.txt
Method 2
Backup the public and secret keyrings and trust database
cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/
# or, instead of backing up trustdb...
gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt
NOTE The GPG manual suggests exporting the ownertrust instead of backing up the trustdb, although it doesn't explain why.
Restore the public and secret keyrings and trust database
cp /path/to/backups/*.gpg ~/.gnupg/
# or, if you exported the ownertrust
gpg --import-ownertrust chrisroos-ownertrust-gpg.txt
Method 3
This only really works if you don't mind losing any keys other than your own.
Export public and secret key and ownertrust
gpg -a --export chris@seagul.co.uk > chrisroos-public-gpg.key
gpg -a --export-secret-keys chris@seagul.co.uk > chrisroos-secret-gpg.key
gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt
Import secret key (which contains the public key) and ownertrust
gpg --import chrisroos-secret-gpg.key
gpg --import-ownertrust chrisroos-ownertrust-gpg.txt
Method 4
This is mainly about trusting my key once I've imported it (by either restoring the pubring.gpg and secring.gpg, or by using --import). This seems to be what I do the most as I either forget to import the trustdb or ownertrust.
Ultimately trust the imported key
This is so that I can encrypt data using my public key
gpg --edit-key chris@seagul.co.uk
gpg> trust
Your decision? 5 (Ultimate trust)
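The same result can be had without the interactive prompt by feeding gpg --import-ownertrust a single "fingerprint:6:" line, where 6 is the stored value for ultimate trust. The script below is an added example, not part of the original gist; the function names and the sample listing (with made-up fingerprints) are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-secret-keys` output.
# Fingerprints are made up; field 10 of an "fpr" record is the fingerprint.
SAMPLE_LISTING='sec:u:4096:1:1111222233334444:1500000000:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1500000000::::Example User <user@example.org>:
ssb:u:4096:1:5555666677778888:1500000000::::::e:
fpr:::::::::9999888877776666555544443333222255556666:'

# Print the primary-key fingerprint: the first "fpr" record that follows a
# "sec"/"pub" record. Subkey fingerprints (after "ssb"/"sub") are skipped,
# because ownertrust is recorded against the primary key.
primary_fpr() {
    awk -F: '
        $1 == "sec" || $1 == "pub" { primary = 1; next }
        $1 == "ssb" || $1 == "sub" { primary = 0; next }
        primary && $1 == "fpr"     { print $10; exit }
    '
}

# Build the line that gpg --import-ownertrust expects for ultimate trust.
# Anything that is not a 40-hex-digit (v4) fingerprint is refused.
ownertrust_line() {
    fpr=$1
    case $fpr in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s:6:\n' "$fpr"
}

# Ultimately trust one of your own keys. Looking the key up with
# --list-secret-keys means only keys whose secret part is present qualify.
# If the user ID matches several keys, the first one listed is used.
trust_own_key() {
    fpr=$(gpg --batch --with-colons --list-secret-keys "$1" | primary_fpr)
    line=$(ownertrust_line "$fpr") || {
        echo "no usable secret key found for: $1" >&2
        return 1
    }
    printf '%s\n' "$line" | gpg --batch --import-ownertrust
}
```

After importing the secret key, call trust_own_key with the key's e-mail address; gpg -k should then show the key with ultimate trust.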
NOTE If I don't trust the public key then I see the following message when trying to encrypt something with it:
gpg: <key-id>: There is no assurance this key belongs to the named user
alias block='systemd-inhibit --no-ask-password --what=idle --who="me" --why="cuz I said so" sh & disown; export INHIBIT_PID=$!'
alias unblock='kill -SIGKILL $INHIBIT_PID; INHIBIT_PID='
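use std::mem::{align_of, size_of};

/// The idea of this function is to convert from a Vec of some type to an empty Vec of another type, reusing the heap allocation
fn reuse_vec<T, U>(mut v: Vec<T>) -> Vec<U> {
    // Compile-time check: the two element types must share size and alignment.
    const {
        assert!(size_of::<T>() == size_of::<U>());
        assert!(align_of::<T>() == align_of::<U>());
    }
    // Drop every element; the Vec keeps its capacity.
    v.clear();
    // The iterator is empty, so the closure is never called.
    v.into_iter().map(|_| unreachable!()).collect()
}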
use std::mem::MaybeUninit;

pub struct Foo<'a> {
    owned: String,
    borrowed: &'a str,
}

struct StaticFoo {
    owned: String,
    borrowed: MaybeUninit<&'static str>,
}

fn without_lifetime(foos: Vec<Foo>) -> Vec<StaticFoo> {
    foos.into_iter()
        .map(|f| StaticFoo {
            owned: f.owned,
            borrowed: MaybeUninit::uninit(),
        })
        .collect()
}
// The presence of MaybeUninit::uninit() tells the compiler that it’s OK to have anything there,
// so it can choose to leave whatever &str was in the original Foo struct. This means that it’s
// valid to produce a StaticFoo with the same in-memory representation as the Foo that it
// replaces, allowing it to eliminate the loop.
CSS streaming