Forked from chrisroos/gpg-import-and-export-instructions.md
Created
July 7, 2020 01:16
Revisions
chrisroos created this gist
Sep 9, 2011
@@ -0,0 +1,50 @@ Every so often I have to restore my gpg keys and I'm never sure how best to do it. So, I've spent some time playing around with the various ways to export/import (backup/restore) keys. ## Method 1 ### Backup the public and secret keyrings and trust database cp ~/.gnupg/pubring.gpg /path/to/backups/ cp ~/.gnupg/secring.gpg /path/to/backups/ cp ~/.gnupg/trustdb.gpg /path/to/backups/ # or, instead of backing up trustdb... gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt *NOTE* The [GPG manual](http://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration.html) suggests exporting the ownertrust instead of backing up the trustdb, although it doesn't explain why. ### Restore the public and secret keyrings and trust database cp /path/to/backups/*.gpg ~/.gnupg/ # or, if you exported the ownertrust gpg --import-ownertrust chrisroos-ownertrust-gpg.txt ## Method 2 This only really works if you don't mind losing any other keys (than your own). ### Export public and secret key and ownertrust gpg -a --export [email protected] > chrisroos-public-gpg.key gpg -a --export-secret-keys [email protected] > chrisroos-secret-gpg.key gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt ### Import secret key (which contains the public key) and ownertrust gpg --import chrisroos-secret-gpg.key gpg --import-ownertrust chrisroos-ownertrust-gpg.txt ## Method 3 This is mainly about trusting my key once I've imported it (by either restoring the pubring.gpg and secring.gpg, or by using --import). This seems to be what I do the most as I either forget to import the trustdb or ownertrust. ### Ultimately trust the imported key This is so that I can encrypt data using my public key gpg --edit-key [email protected] gpg> trust Your decision? 5 (Ultimate trust) *NOTE* If I don't trust the public key then I see the following message when trying to encrypt something with it: gpg: <key-id>: There is no assurance this key belongs to the named user
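Review bot: The secret-key backup steps give no guidance on protecting the files they create. In Method 2, `gpg -a --export-secret-keys ... > chrisroos-secret-gpg.key` writes the secret key into the current directory with default permissions, and Method 1 copies `secring.gpg` into `/path/to/backups/` the same way. Suggest adding a line to each that tells the reader to restrict the files to their owner (for example `chmod 600` on the exported key and the copied keyring) and to keep the backup location on encrypted or offline storage. A second point on Method 1's restore step: `cp /path/to/backups/*.gpg ~/.gnupg/` replaces whatever keyrings and trustdb already exist in `~/.gnupg/`, yet only Method 2 mentions losing other keys, so a one-line warning under the Method 1 restore heading would make the trade-off explicit there too.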