@chrisroos
Created September 9, 2011 10:49
Instructions for exporting/importing (backup/restore) GPG keys

Every so often I have to restore my gpg keys and I'm never sure how best to do it. So, I've spent some time playing around with the various ways to export/import (backup/restore) keys.

Method 1

Backup the public and secret keyrings and trust database

cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/
# or, instead of backing up trustdb...
gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt

NOTE The GPG manual suggests exporting the ownertrust instead of backing up the trustdb, although it doesn't explain why.

Restore the public and secret keyrings and trust database

cp /path/to/backups/*.gpg ~/.gnupg/
# or, if you exported the ownertrust
gpg --import-ownertrust chrisroos-ownertrust-gpg.txt

Method 2

This only really works if you don't mind losing every key other than your own.

Export public and secret key and ownertrust

gpg -a --export [email protected] > chrisroos-public-gpg.key
gpg -a --export-secret-keys [email protected] > chrisroos-secret-gpg.key
gpg --export-ownertrust > chrisroos-ownertrust-gpg.txt

Import secret key (which contains the public key) and ownertrust

gpg --import chrisroos-secret-gpg.key
gpg --import-ownertrust chrisroos-ownertrust-gpg.txt

Method 3

This is mainly about trusting my key once I've imported it (by either restoring the pubring.gpg and secring.gpg, or by using --import). This seems to be what I do the most as I either forget to import the trustdb or ownertrust.

Ultimately trust the imported key

This is so that I can encrypt data using my public key

gpg --edit-key [email protected]
gpg> trust
Your decision? 5 (Ultimate trust)

NOTE If I don't trust the public key then I see the following message when trying to encrypt something with it:

gpg: <key-id>: There is no assurance this key belongs to the named user

russellballestrini commented Nov 7, 2020

Thanks @dandv!

I use method 1 to restore my ~/.gnupg directory from a backup.

It didn't work at first; I needed to delete the whole directory first prior to the restore!


hobti01 commented Sep 25, 2022

If you've copied or re-created the ownertrust file, you may see this error:

$ gpg --import-ownertrust chrisroos-ownertrust-gpg.txt
gpg: error in 'chrisroos-ownertrust-gpg.txt': line too long

In which case, confirm that there is a newline at the end of the file.
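
A pre-import check for the ownertrust file, as an added example that is not part of the gist or its comments: it covers the trailing-newline problem described above and goes further by validating each line and listing the fingerprints the file would mark as ultimately trusted, so they can be reviewed before running `gpg --import-ownertrust`. The function names are hypothetical, and accepting 40 or 64 hex digit fingerprints is an assumption about the keys in the file.

```shell
#!/bin/sh
# Added example: sanity-check an ownertrust file before importing it.

# Exit status: 0 = OK, 1 = missing or empty, 2 = no trailing newline,
#              3 = a line that is not a comment or FINGERPRINT:VALUE:
check_ownertrust() {
    local file="$1" line n=0
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }

    # Command substitution strips a trailing newline, so any non-empty
    # result means the last byte of the file is something else.
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: no newline at end of file" >&2
        return 2
    fi

    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;    # blank lines and comments
        esac
        # Assumed data line shape: hex fingerprint, trust value, colon.
        if ! printf '%s\n' "$line" |
            grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{64}):[0-9]+:$'; then
            echo "$file:$n: unexpected line" >&2
            return 3
        fi
    done < "$file"
    return 0
}

# Print the fingerprints the file assigns value 6, which is what
# gpg writes for ultimate trust.
ultimate_fingerprints() {
    awk -F: '!/^#/ && $2 == 6 { print $1 }' "$1"
}
```

Run `check_ownertrust chrisroos-ownertrust-gpg.txt && ultimate_fingerprints chrisroos-ownertrust-gpg.txt` and compare the output against the fingerprints of your own keys before importing.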
