Public/Private key locations with Enigmail and Thunderbird on Windows
Sorry if this is a simple answered question, I just cannot find what I'm looking for.
I'd like to find the location of my public/private key combinations on my Windows machine that I made through Enigmail, so I can distribute my public key and make a few backups of my private key. Any ideas where I'd look?
Thanks!
Solution 1:
All GPG keys are stored in the "keyring", which is at ~/.gnupg or %AppData%/gnupg. Running gpg --version will show the path being used.
The usual way of sharing keys is to export them to a file...
gpg -a --export [email protected] > mypubkey.asc
...or to publish it on a keyserver and give others the key ID along with the fingerprint:
gpg --keyserver pool.sks-keyservers.net --send-keys [email protected]
gpg --keyid-format 0xlong --fingerprint [email protected]
The above can also be done using Enigmail's Key Management window.
When making backups, be aware that the storage format can change over time, and only the export format is well-defined and stable. In particular, GnuPG 2.1 has a very different storage format from GnuPG 1.x, and even in-place upgrades tend to go wrong.
So you should back up the actual keyring files (pubring, secring, trustdb) to make restoring easier (as they also contain personal preferences such as trust levels); however, you must also export your private keys via the --export-secret-keys option:
gpg --export-secret-keys [email protected] > mysecretkey.asc
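An added example (not part of the original answer, and not GnuPG or Enigmail code): a check that an ASCII-armored export is intact and really contains a secret key, done by verifying the armor's CRC-24 checksum and reading the first OpenPGP packet tag. It assumes the export was made with -a (armored); the function names and the sample block are constructed for illustration.

```python
import base64
import sys

BEGIN, END = "-----BEGIN PGP ", "-----END PGP "
PACKET_TAGS = {5: "secret key", 6: "public key"}  # RFC 4880, section 4.3

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, data: bytes) -> str:
    """Wrap bytes in ASCII armor; used only to construct the sample input."""
    b64 = base64.b64encode(data).decode()
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"{BEGIN}{kind}-----", "", b64, "=" + check,
                      f"{END}{kind}-----", ""])

# Constructed sample, not a real key: dummy body behind a secret-key header (0x94).
SAMPLE_SECRET = armor("PRIVATE KEY BLOCK", bytes([0x94, 4, 4, 0, 0, 0]))

def inspect_export(text: str) -> dict:
    """Report block type, first packet and checksum status of an armored export."""
    lines = [ln.strip() for ln in text.splitlines()]
    begin = next((i for i, ln in enumerate(lines) if ln.startswith(BEGIN)), None)
    if begin is None or "" not in lines[begin:]:
        raise ValueError("no OpenPGP armor block found")
    rest = lines[lines.index("", begin) + 1:]   # armor headers end at a blank line
    end = next((i for i, ln in enumerate(rest) if ln.startswith(END)), len(rest))
    body = [ln for ln in rest[:end] if ln]
    stored = None
    if body and len(body[-1]) == 5 and body[-1][0] == "=":   # optional "=XXXX" line
        stored = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    data = base64.b64decode("".join(body), validate=True)
    if not data or not data[0] & 0x80:          # every packet header has bit 7 set
        raise ValueError("armor body is not OpenPGP packet data")
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return {"block": lines[begin][len(BEGIN):].rstrip("-"), "has_secret_key": tag == 5,
            "first_packet": PACKET_TAGS.get(tag, f"tag {tag}"),
            "crc_ok": None if stored is None else stored == crc24(data)}

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SECRET
    print(inspect_export(source))
```

Run it with the path of the exported file as the only argument. A file written with > from Windows PowerShell 5.1 is UTF-16 and is reported as having no armor block; gpg's --output option writes the export directly and avoids the re-encoding.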
Solution 2:
Well, according to section 10.1.15 of the Enigmail handbook:
10.1.15. I lost my passphrase / my key pair / my private key.
A note: Your private key is bundled with your public key in your key pair, hence losing your private key and losing your key pair means exactly the same.
There is no way to recover your passphrase: your only hope is to try to remember what it was. If you don't succeed, you lose the use of your private key, and hence your whole key pair is now useless. There is no way to recover your private key, either. It cannot be obtained from your public key or from any message that was signed/encrypted by that private key. You can only recover it if you made a backup in the past.
Hence, losing the passphrase or the key is definitive. If you generated a revocation certificate (and you should have), use it to revoke the key pair.
You must also generate a new key pair, send the new public key to your contacts and warn them not to use the old public key any more. Messages that were sent to you encrypted with the old key cannot be decrypted any more. Messages that were signed by you with the old key can still be verified by the recipients by using the old (revoked) key.
To avoid this disaster, it is recommended that you backup in advance your key pair: from Key Management, select File → Export Keys to File, make sure you included the secret key, then store the file in a safe place. Make sure you chose a passphrase you can remember, too.
Unless going to Key Management does the trick.
If you did export the keys, you could try doing it again and check what file format they are being exported as and do a long, very long search on your C drive for that specific file type and see what and where can be found.