Hey so I’m new to the world of gpg/pgp. Using a test gpg key pair I created, the goal was to digitally sign an odf, so I was wondering what I should back up so I could keep signing digitally using this key in case shit hits the fan and my computer no longer works. Using seahorse (I prefer it to the terminal), the options are to either export the public key or the secret key, and I’m honestly confused: should I do both or just the secret key? I did notice people also just take a copy of their .gnupg directory, but I feel that’s just to back up all of their keys including imported ones rather than a single one. Any help is appreciated, preferably as if you were talking to a 5 year old.

The TLDR: Just created a gpg key pair now how do I back it up?

  • planetaryprotection
    16 points
    1 year ago

    In practice, I believe the private key should contain the public key (or at least sufficient data to recover it): https://superuser.com/questions/814409/gnupg-opengpg-recovering-public-key-from-private-key#814421

    I believe you only need your private key to sign files so, technically you only need to back up the private key, but you should test this to be sure it fits your use case.

    Depending on how you’re backing things up, and what your security goals are, remember that backing up a private key may involve putting that private key on somebody else’s computer - i.e. if you use a remote git repo, or cloud backup service, or even send the key to your own (different) machine over an insecure network. Make sure that you’ve got a way of securely backing up your private key, otherwise you may undermine the whole cryptography thing anyways :).

    As always, you should test by backing up your key(s) and then testing that you can actually restore them and successfully sign a file. Backups are only as good as the last time you tested restoring from them.

    • PlexSheep@feddit.de
      11 points
      1 year ago

      That’s correct, if you’re not working with a pure mathematical private key. Any common format contains the information to get the public key; in fact, that’s how the public key is generated.
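The point made above (and in the first reply), that the secret key carries the public key, can be shown on the packet bytes themselves. The following is an added example, not code from this thread: it builds a toy RFC 4880 version 4 RSA secret-key packet from constructed numbers, slices the public portion out of it, and checks that the resulting fingerprint matches a separately built public-key packet. The toy RSA values and the function names are assumptions for illustration, not a real key.

```python
"""Derive the OpenPGP public-key packet from a secret-key packet (RFC 4880 section 5.5).

The toy RSA numbers used below are constructed for illustration only; they are not a real key.
"""
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in an old-format packet header with a 2-octet length (length type 1)."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def public_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key fields for RSA (algorithm id 1): version, creation time, algo, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def build_secret_key_packet(created, n, e, d, p, q, u) -> bytes:
    """Tag 5 packet: the public fields come first, then an unencrypted (S2K usage 0) secret part."""
    secret = mpi(d) + mpi(p) + mpi(q) + mpi(u)
    checksum = struct.pack(">H", sum(secret) % 65536)  # plaintext checksum for S2K usage 0
    return packet(5, public_key_body(created, n, e) + bytes([0]) + secret + checksum)


def public_from_secret(pkt: bytes) -> bytes:
    """Cut the public fields out of a tag 5 packet and re-wrap them as a tag 6 packet."""
    if pkt[0] & 0xC3 != 0x81 or (pkt[0] >> 2) & 0x0F != 5:
        raise ValueError("not an old-format secret-key packet with a 2-octet length")
    body = pkt[3:3 + struct.unpack(">H", pkt[1:3])[0]]
    if body[0] != 4 or body[5] != 1:
        raise ValueError("only version 4 RSA keys are handled here")
    pos = 6
    for _ in range(2):  # skip over the two public MPIs, n and e
        pos += 2 + (struct.unpack(">H", body[pos:pos + 2])[0] + 7) // 8
    return packet(6, body[:pos])


def fingerprint(pub_pkt: bytes) -> str:
    """Version 4 fingerprint: SHA-1 over 0x99, the 2-byte body length, and the body."""
    body = pub_pkt[3:]
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def demo() -> tuple:
    """Fingerprint derived from the secret packet vs. fingerprint of a directly built public packet."""
    # constructed toy RSA: p=61, q=53, n=3233, e=17, d=2753, u = p^-1 mod q = 20
    sec = build_secret_key_packet(1700000000, 3233, 17, 2753, 61, 53, 20)
    pub_direct = packet(6, public_key_body(1700000000, 3233, 17))
    return fingerprint(public_from_secret(sec)), fingerprint(pub_direct)
```

Real exports add user-ID, signature and subkey packets around these, but the same rule holds: the public material sits at the front of every secret-key packet, which is why `gpg --import` of a secret-key backup brings the public key back with it.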

    • Extras@lemmy.today (OP)
      5 points
      1 year ago

      Really appreciate your help. I will continue to test everything out with the testing key pair I made, but I believe you’re right regarding just needing the private/secret key. As for backups, I’ll just use the same methods as my password manager vault and keyfile backups. Thanks again.

    • zerbey@lemmy.world
      3 points
      1 year ago (edited)

      Been using PGP for years; everything you said is correct. Create two keys so you have an extra one, and make sure your second key is able to decrypt all files (just add it as a recipient).