[ @gpg @kgpg ]
*todo PGP — перевод
https://www.jwillikers.com/backup-and-restore-a-gpg-key
The following steps will show you how to backup and restore a PGP key using GnuPG, version 2.2.20 to be exact. The backup is electronic, not physical, such as backups created with PaperKey. I recommend also creating a backup key on paper with PaperKey and keeping it in a safe place for an added layer of redundancy. It is expected you are already familiar using GnuPG from the command-line and have an existing installation of GPG with a key pair available to backup.
Backup
Determine which key to backup
➜ gpg --list-secret-keys --keyid-format LONG
/home/pstibbons/.gnupg/pubring.kbx
-------------------------------
sec rsa4096/C8DE632E9A8A0BDD 2020-11-13 [SC]
/home/pstibbons/.gnupg/pubring.kbx
-------------------------------
sec rsa4096/C8DE632E9A8A0BDD 2020-11-13 [SC]
F38915B041F5F1024AF95C30C8DE632E9A8A0BDD
uid [ultimate> Ponder Stibbons [ponder.stibbons@unseen.edu]
ssb rsa4096/DBCD8B98F2F9188C 2020-11-13 [E]
ssb rsa4096/DBCD8B98F2F9188C 2020-11-13 [E]
Here there is only one private key for a Ponder Stibbons.
Export the private GPG key
➜ gpg -o private.gpg --export-options backup --export-secret-keys ponder.stibbons@unseen.edu
This invocation places the key in the file private.gpg in the current directory. The export option backup exports all necessary data for GnuPG to restore the key.
Enter the private key’s passphrase in the [Export Passphrase Prompt> to export the key.
Passphrase Prompt to Export GPG Key
Export Passphrase Prompt
Passphrase Prompt to Export GPG Key
Export Passphrase Prompt
Now place this backup somewhere safe. Ideally, store it only on offline media.
Restore
Import the private key.
➜ gpg --import-options restore --import private.gpg
gpg: key C8DE632E9A8A0BDD: public key "Ponder Stibbons [ponder.stibbons@unseen.edu]" imported
gpg: key C8DE632E9A8A0BDD: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
gpg: key C8DE632E9A8A0BDD: public key "Ponder Stibbons [ponder.stibbons@unseen.edu]" imported
gpg: key C8DE632E9A8A0BDD: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
This invocation imports the key from the file private.gpg in the current directory. The import option restore imports all necessary data for GnuPG to fully restore the key. The import option keep-ownertrust keeps the owner trust of the key instead of clearing it’s trust value. This saves having to manually set the trust value for the key later.
Enter the private key’s passphrase in the [Import Passphrase Prompt> to import the key.
Passphrase Prompt to Import GPG Key
Import Passphrase Prompt
Passphrase Prompt to Import GPG Key
Import Passphrase Prompt
Edit the freshly imported key
➜ gpg --edit-key ponder.stibbons@unseen.edu
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa4096/C8DE632E9A8A0BDD
created: 2020-11-13 expires: never usage: SC
trust: unknown validity: unknown
trust: unknown validity: unknown
ssb rsa4096/DBCD8B98F2F9188C
created: 2020-11-13 expires: never usage: E
[ unknown> (1). Ponder Stibbons [ponder.stibbons@unseen.edu]
Enter trust
to modify the trust value of the key
gpg> trust
sec rsa4096/C8DE632E9A8A0BDD
sec rsa4096/C8DE632E9A8A0BDD
created: 2020-11-13 expires: never usage: SC
trust: unknown validity: unknown
trust: unknown validity: unknown
ssb rsa4096/DBCD8B98F2F9188C
created: 2020-11-13 expires: never usage: E
[ unknown> (1). Ponder Stibbons [ponder.stibbons@unseen.edu]
Type 5 to trust your keys completely.
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Confirm your choice by entering Y.
Do you really want to set this key to ultimate trust? (y/N) y
sec rsa4096/C8DE632E9A8A0BDD
created: 2020-11-13 expires: never usage: SC
trust: ultimate validity: unknown
trust: ultimate validity: unknown
ssb rsa4096/DBCD8B98F2F9188C
created: 2020-11-13 expires: never usage: E
[ unknown> (1). Ponder Stibbons [ponder.stibbons@unseen.edu]
Please note that the shown key validity is not necessarily correct
unless you restart the program.
Please note that the shown key validity is not necessarily correct
unless you restart the program.
Use the command quit to exit.
gpg> quit
Conclusion
You should now be able to backup and restore your private GPG keys