https://gist.github.com/Killeroid/6361944d0694e474fb94cc42a3b119d1
Every so often I have to restore my gpg keys and I'm never sure how best to do it. So, I've spent some time playing around with the various ways to export/import (backup/restore) keys.
Method 1
Taken from the Red Hat GPG migration manual
Back up the public and secret keyrings and trust database
## Export all public keys
gpg -a --export >mypubkeys.asc
## Export all encrypted private keys (which will also include corresponding public keys)
gpg -a --export-secret-keys >myprivatekeys.asc
## Export gpg's trustdb to a text file
gpg --export-ownertrust >otrust.txt
Restore the public and secret keyrings and trust database
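## Import the private keys first (this also brings in their public keys), then the remaining public keys
gpg --import myprivatekeys.asc
gpg --import mypubkeys.asc
## List the secret and public keys to confirm that the import worked
gpg -K
gpg -k
## Restore the ownertrust values
gpg --import-ownertrust otrust.txt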
Method 2
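Back up the public and secret keyrings and trust database
# These file names apply to GnuPG versions before 2.1. From 2.1 on, secret keys are stored in
# ~/.gnupg/private-keys-v1.d/ and new keyrings are created as pubring.kbx, so secring.gpg is not used.
cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/
# or, instead of backing up trustdb...
gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt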
NOTE: The GPG manual suggests exporting the ownertrust instead of backing up the trustdb, although it doesn't explain why.
Restore the public and secret keyrings and trust database
cp /path/to/backups/*.gpg ~/.gnupg/
# or, if you exported the ownertrust
gpg --import-ownertrust chrisroos-ownertrust-gpg.txt
Method 3
This only really works if you don't mind losing every key other than your own.
Export public and secret key and ownertrust
gpg -a --export chris@seagul.co.uk > chrisroos-public-gpg.key
gpg -a --export-secret-keys chris@seagul.co.uk > chrisroos-secret-gpg.key
gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt
Import secret key (which contains the public key) and ownertrust
gpg --import chrisroos-secret-gpg.key
gpg --import-ownertrust chrisroos-ownertrust-gpg.txt
Method 4
This is mainly about trusting my key once I've imported it (by either restoring the pubring.gpg and secring.gpg, or by using --import). This seems to be what I do the most as I either forget to import the trustdb or ownertrust.
Ultimately trust the imported key
This is so that I can encrypt data using my public key
gpg --edit-key chris@seagul.co.uk
gpg> trust
Your decision? 5 (Ultimate trust)
NOTE: If I don't trust the public key, then I see the following message when trying to encrypt something with it:
gpg: <key-id>: There is no assurance this key belongs to the named user
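A pre-restore check for the Method 1 backup files, as an added example that is not part of the original gist: it confirms both armored key files are present and reads otrust.txt to see whether your own key was exported with ultimate trust, which is the step Method 4 otherwise repairs by hand. The function names are hypothetical and the demo fingerprint and file contents are constructed; the values 2 to 6 are the ones `gpg --export-ownertrust` writes, so the menu's choice 5 (ultimate) appears in the file as 6.

```shell
#!/usr/bin/env bash
# Added example, not from the original gist. File names are Method 1's;
# function names are hypothetical and the demo data is constructed.

# Name for a value in `gpg --export-ownertrust` output (lines are FPR:VALUE:).
trust_name() {
  case "$1" in
    2) echo undefined ;; 3) echo never ;; 4) echo marginal ;;
    5) echo full ;; 6) echo ultimate ;; *) echo unknown ;;
  esac
}

# Print the trust name recorded for fingerprint $2 in ownertrust file $1.
otrust_level() {
  local value
  value=$(grep -v '^#' "$1" | awk -F: -v fpr="$2" 'toupper($1) == toupper(fpr) { print $2; exit }')
  [ -n "$value" ] || { echo missing; return 1; }
  trust_name "$value"
}

# Check the backup in directory $1 for own fingerprint $2.
# Prints one line per problem; the return status is the number of problems.
check_backup() {
  local dir="$1" fpr="$2" problems=0 level
  grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$dir/mypubkeys.asc" 2>/dev/null ||
    { echo "mypubkeys.asc: no armored public key block"; problems=$((problems + 1)); }
  grep -q -- '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$dir/myprivatekeys.asc" 2>/dev/null ||
    { echo "myprivatekeys.asc: no armored private key block"; problems=$((problems + 1)); }
  level=$(otrust_level "$dir/otrust.txt" "$fpr" 2>/dev/null) || true
  [ "$level" = ultimate ] ||
    { echo "otrust.txt: own key is '$level', expected ultimate"; problems=$((problems + 1)); }
  return "$problems"
}

# Demo: a constructed backup whose ownertrust was exported before the key was
# given ultimate trust (the situation Method 4 repairs by hand).
demo_dir=$(mktemp -d)
demo_fpr=0123456789ABCDEF0123456789ABCDEF01234567
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' > "$demo_dir/mypubkeys.asc"
printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' > "$demo_dir/myprivatekeys.asc"
printf '%s\n' '# List of assigned trustvalues' "$demo_fpr:5:" > "$demo_dir/otrust.txt"
check_backup "$demo_dir" "$demo_fpr" || echo "problems found: $?"
rm -r "$demo_dir"
```

If the check reports anything other than ultimate for your own key after a restore, piping a line of the form `FINGERPRINT:6:` into `gpg --import-ownertrust` sets it without the interactive `--edit-key` session.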