On 07/14/17 13:56, Peter Lebbing wrote:
> There's an option missing that could cause data loss in its
> absence:
>
> $ gpg --armor --export > pub.asc
>
> I'd make that:
>
> $ gpg --armor --export-options export-local-sigs --export >pub.asc
>
> If you have made any signatures that are not exportable (so lsign
> and friends), they would not be exported otherwise. That is
> obviously what it is for, but if you do this to make a backup of
> your own keyring, you would still want to keep those.
>
> And symmetrically, you'll want
>
> $ gpg --import-options import-local-sigs --import pub.asc

Are you recommending...

$ gpg --armor --export-options export-local-sigs --export >pub.asc
instead of
$ gpg --armor --export > pub.asc

and

$ gpg --import-options import-local-sigs --import pub.asc
instead of
$ gpg --import < pub.asc
?

Or should

$ gpg --import-options import-local-sigs --import pub.asc
$ gpg --armor --export-options export-local-sigs --export >pub.asc
$ gpg --import-options import-local-sigs --import pub.asc
$ gpg --import < pub.asc

all be done?

And this all functions with gpg2 in place of gpg?

Please note that while I greatly appreciate that Mr. Hansen wrote a
program to handle this, I still like having the option of doing things
manually.

Thanks!

Originally referencing this email...

-- begin quote --

-------- Forwarded Message --------
Subject: RE: What is a reliable way to backup/restore my keys and test?
Date: Wed, 14 Sep 2016 15:01:47 -0400
From: Robert J. Hansen <r...@sixdemonbag.org>
To: 'Duane Whitty' <du...@nofroth.com>, gnupg-users@gnupg.org

> I am relatively new to GNUPG so my apologies in advance if this
> question is trivial.

Welcome! And your question is not trivial.

The following is the procedure I use on UNIX systems:

First, export all public certificates into a public keyring:

$ gpg --armor --export > pub.asc

Second, export all secret certificates into a secret keyring:

$ gpg --armor --export-secret-keys > priv.asc

Third, export ownertrust values and save those:

$ gpg --armor --export-ownertrust > trust.asc

Fourth, copy all the *.conf files in ~/.gnupg into your current
directory:

$ cp ~/.gnupg/*.conf .

Fifth, put these, and all your GnuPG .conf files, all into a single
archive:

$ tar cJf gpg-backup.txz pub.asc priv.asc trust.asc *.conf

Copy gpg-backup.txz to the new machine.
Once you've done that, uncompress it on the new machine:

$ tar xJf gpg-backup.txz

Import your secret certificates:

$ gpg --import < priv.asc

Import your public certificates:

$ gpg --import < pub.asc

Import your ownertrust values:

$ gpg --import-ownertrust < trust.asc

Make sure your ~/.gnupg directory exists. If it doesn't, run gpg with
no arguments and hit Ctrl-C to break out of it.

$ gpg

Copy your .conf files into ~/.gnupg:

$ cp *.conf ~/.gnupg

... And at that point you should be done.

This technique should work regardless of whether you're migrating from
1.4 to 2.0, 1.4 to 2.1, 2.0 to 1.4, 2.0 to 2.1, 2.1 to 2.0, or 2.1 to
1.4. No matter which you're doing, you're covered.

> I've just copied my .gnupg directory to a usb key as a backup
> measure, which I found as a method (more or less) on
> http://www.glump.net/content/gpg_intro/.

It's a good idea to not copy the random_seed file. PRNG states should
not be shared between computers.

> How can I make sure my private key and trust assignments were
> copied properly?

Follow the above process and they will be. Your private certificates
were exported, as were the trust assignments.

> Once I have completed my OS upgrade how do I restore my keys and
> the trust levels assigned to them?

See the above process.

> I use Thunderbird/Enigmail which is using gpg2 but I originally
> created my key pair using gpg 1.4. Does this have any
> ramifications?

None.

--end quote--

--
Daniel Villarreal
http://www.youcanlinux.org
youcanlinux at gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03 3F5B F251 8938 A83E 7B49
https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49
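
Added example, not part of the original thread: a POSIX shell script that checks what a restore lost by comparing --with-colons listings taken on the old and on the restored keyring. It reports missing keys, missing local (lsign) signatures, which are the ones dropped when export-local-sigs or import-local-sigs is omitted, and missing ownertrust entries; an empty result means nothing was lost. The file names, function names and sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are listings saved on each
# keyring (file names are assumptions):
#   gpg --with-colons --with-fingerprint --list-sigs > old.lst
#   gpg --export-ownertrust > old.trust

# Fingerprints of all keys and subkeys: field 10 of each "fpr" record.
fprs() { awk -F: '$1 == "fpr" { print $10 }' "$1" | sort -u; }

# Local (non-exportable) signatures: "sig" records whose class (field 11)
# ends in "l". Prints: <certified key ID> <signer key ID> <class>.
local_sigs() {
    awk -F: '$1 == "pub" { key = $5 }
             $1 == "sig" && $11 ~ /l$/ { print key, $5, $11 }' "$1" | sort -u
}

# Ownertrust assignments, ignoring the "#" comment lines.
trust_entries() { grep -v '^#' "$1" | sort -u; }

# missing <extractor> <old-file> <new-file>: entries present only in old.
missing() {
    m_old=$(mktemp); m_new=$(mktemp)
    "$1" "$2" > "$m_old"; "$1" "$3" > "$m_new"
    comm -23 "$m_old" "$m_new"
    rm -f "$m_old" "$m_new"
}

# Constructed sample data: key IDs, fingerprints and names are made up.
make_samples() {   # make_samples <dir>
    cat > "$1/old.lst" <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
pub:f:2048:1:BBBBBBBBBBBBBBBB:1400000000:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
uid:f::::1400000000::::Bob <bob@example.org>:
sig:::1:BBBBBBBBBBBBBBBB:1400000000::::Bob <bob@example.org>:13x:
sig:::1:AAAAAAAAAAAAAAAA:1450000000::::Alice <alice@example.org>:10l:
EOF
    # Models a restore made without export-local-sigs: the lsign is gone.
    grep -v ':10l:$' "$1/old.lst" > "$1/new.lst"
    printf '%s\n' '# constructed' \
        'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:6:' > "$1/old.trust"
    printf '%s\n' '# constructed, ownertrust never imported' > "$1/new.trust"
}

d=$(mktemp -d); make_samples "$d"
echo "lost keys:       $(missing fprs "$d/old.lst" "$d/new.lst")"
echo "lost local sigs: $(missing local_sigs "$d/old.lst" "$d/new.lst")"
echo "lost ownertrust: $(missing trust_entries "$d/old.trust" "$d/new.trust")"
rm -rf "$d"
```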