How to Fully Backup and Restore gpg Keys, Signatures and Settings

My gpg backup process so far is:

$ gpg --export-ownertrust > PATH/TO/BACKUP/ownertrust.txt
$ cp -u ~/.gpgrc PATH/TO/BACKUP/
$ cp -u ~/.gnupg/gpg.conf ~/.gnupg/gpg-agent.conf PATH/TO/BACKUP/
$ gpg --export-secret-keys --armor
Copy and paste/print/save the output to a secure place of your choice (ideally offline and offsite)

My gpg restore process so far is:

$ gpg --list-keys # make sure gpg is installed and initiated (install if necessary)
$ rm ~/.gnupg/trustdb.gpg
Copy private key to temporary file if not in file format
$ gpg --import TEMPFILE.asc # substitute TEMPFILE with your sig/asc filename
$ gpg --import-ownertrust PATH/TO/BACKUP/ownertrust.txt

This gets me up and running again, but none of the 3rd party (e.g. skype, ubuntu, archlinux, etc...) public keys or signatures that I had before are restored.

How do I modify my backup and restore processes to capture these 3rd party keys and signatures?


Solution 1:

> This gets me up and running again, but none of the 3rd party (e.g. skype, ubuntu, archlinux, etc...) public keys or signatures that I had before are restored.

That is because you only exported your own keys (--export-secret-keys). To export all public keys you must use the --export command.

> How do I modify my backup and restore processes to capture these 3rd party keys and signatures?

Add --export (to export your public keyring and exportable signatures) with the option --export-options backup (to include all local signatures) to your gpg export process:

$ gpg --export-options backup -o PATH/TO/BACKUP/keyring.gpg --export

Then add the following to your gpg restore process:

$ gpg --import-options restore --import PATH/TO/BACKUP/keyring.gpg
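
The commands from this thread combined into one backup/restore script, as an added example that is not part of the original question or answer. It goes one step further by writing a fingerprint manifest at backup time and checking it after the restore, so missing third-party keys are reported; the function names and the file names `secret.asc` and `fingerprints.txt` are assumptions of this example.

```sh
#!/bin/sh
# Added example: function names and backup file layout are assumptions.

# Primary-key fingerprints in the current keyring, sorted, one per line.
gpg_fingerprints() {
    gpg --batch --fingerprint --list-keys --with-colons 2>/dev/null |
        awk -F: '$1 == "pub" { want = 1; next }
                 $1 == "fpr" && want { print $10; want = 0 }' | sort
}

# Export every public key (with local signatures), the secret keys and the
# ownertrust values, plus a fingerprint manifest used to check the restore.
gpg_backup() {
    dir=$1
    (
        umask 077   # the directory will contain secret key material
        mkdir -p "$dir" &&
        gpg --yes --export-options backup -o "$dir/keyring.gpg" --export &&
        gpg --yes --armor -o "$dir/secret.asc" --export-secret-keys &&
        gpg --export-ownertrust > "$dir/ownertrust.txt" &&
        gpg_fingerprints > "$dir/fingerprints.txt"
    )
}

# Fail if any fingerprint recorded at backup time is absent from the keyring.
gpg_verify_restore() {
    missing=$(gpg_fingerprints | comm -23 "$1/fingerprints.txt" -)
    [ -z "$missing" ] && return 0
    printf 'missing after restore: %s\n' $missing >&2
    return 1
}

# Import the public keyring, the secret keys and the ownertrust, then verify.
gpg_restore() {
    dir=$1
    gpg --import-options restore --import "$dir/keyring.gpg" &&
    gpg --import "$dir/secret.asc" &&
    gpg --import-ownertrust "$dir/ownertrust.txt" &&
    gpg_verify_restore "$dir"
}

# Usage: sh gpg-backup.sh backup|restore DIR
case "${1:-}" in
    backup)  gpg_backup  "${2:?backup directory required}" ;;
    restore) gpg_restore "${2:?backup directory required}" ;;
esac
```

The backup directory holds unencrypted-at-rest secret key exports (protected only by the key passphrase), so it belongs on the same offline, offsite media as the printed copy mentioned in the question.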