this post was submitted on 28 Aug 2023
49 points (98.0% liked)

Hey so I'm new to the world of gpg/pgp. Using a test gpg key pair I created, the goal was to digitally sign an ODF, so I was wondering what I should back up so I could keep signing digitally using this key in case shit hits the fan and my computer no longer works. Using seahorse (I prefer it to the terminal), the options are to either export the public key or the secret key, and I'm honestly confused: should I do both or just the secret key? I did notice people also just take a copy of their .gnupg directory, but I feel that's just to back up all of their keys, including imported ones, rather than a singular one. Any help is appreciated, preferably as if you were talking to a 5 year old.

The TLDR: Just created a gpg key pair now how do I back it up?

top 5 comments
planetaryprotection@midwest.social 16 points 1 year ago (3 children)

In practice, I believe the private key should contain the public key (or at least sufficient data to recover it): https://superuser.com/questions/814409/gnupg-opengpg-recovering-public-key-from-private-key#814421

I believe you only need your private key to sign files so, technically you only need to back up the private key, but you should test this to be sure it fits your use case.

Depending on how you're backing things up, and what your security goals are, remember that backing up a private key may involve putting that private key on somebody else's computer - i.e. if you use a remote git repo, or cloud backup service, or even send the key to your own (different) machine over an insecure network. Make sure that you've got a way of securely backing up your private key, otherwise you may undermine the whole cryptography thing anyways :).

As always, you should test by backing up your key(s) and then testing that you can actually restore them and successfully sign a file. Backups are only as good as the last time you tested restoring from them.
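The restore test recommended above, written out as an added shell example (not from the original thread): it generates a throwaway key in a scratch keyring, exports only the secret key, imports that single file into a second, empty keyring, and checks that the restored keyring can both list the public key and sign and verify a file. The key name, e-mail, file names and the stand-in document are constructed for the example; the gpg and gpgconf flags are standard GnuPG 2 options. The throwaway key has no passphrase, so the exported file is as sensitive as a plaintext private key and must be stored the way the comment above describes.

```shell
#!/bin/sh
# Backup/restore round trip for a GnuPG signing key.
# Each step is checked explicitly; the function returns 0 on success,
# 1 on any failure, and 2 when gpg is not installed.
set -u

backup_restore_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping" >&2; return 2; }
    work=$(mktemp -d) || return 1

    # --- "Original machine": scratch keyring with a throwaway signing key ---
    export GNUPGHOME="$work/original"
    mkdir -m 700 "$GNUPGHOME" || return 1
    # Unattended generation; %no-protection means no passphrase (test key only).
    gpg --batch --quiet --gen-key <<'EOF' || return 1
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Name-Real: Backup Test
Name-Email: backup-test@example.invalid
Expire-Date: 0
%commit
EOF
    # Fingerprint is field 10 of the "fpr" record in --with-colons output.
    fpr=$(gpg --batch --with-colons --list-secret-keys 2>/dev/null \
          | awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || return 1

    # The backup itself: one armored file holding the secret key. OpenPGP
    # secret-key packets carry the public parameters as well, so this single
    # file is all that needs to survive. Guard it like a password vault.
    gpg --batch --armor --export-secret-keys "$fpr" > "$work/secret-key-backup.asc" || return 1
    grep -q 'BEGIN PGP PRIVATE KEY BLOCK' "$work/secret-key-backup.asc" || return 1
    gpgconf --kill gpg-agent 2>/dev/null || true

    # --- "Replacement machine": empty keyring, restore from the backup only ---
    export GNUPGHOME="$work/restored"
    mkdir -m 700 "$GNUPGHOME" || return 1
    gpg --batch --quiet --import "$work/secret-key-backup.asc" 2>/dev/null || return 1

    # Both listings show the fingerprint: the public half came along for free.
    gpg --batch --with-colons --list-keys 2>/dev/null | grep -q "^fpr:.*:$fpr:" || return 1
    gpg --batch --with-colons --list-secret-keys 2>/dev/null | grep -q "^fpr:.*:$fpr:" || return 1

    # Sign a constructed stand-in document with the restored key and verify it.
    printf 'constructed stand-in for the document to sign\n' > "$work/doc.odt"
    gpg --batch --quiet --yes --local-user "$fpr" --detach-sign \
        --output "$work/doc.odt.sig" "$work/doc.odt" 2>/dev/null || return 1
    gpg --batch --quiet --verify "$work/doc.odt.sig" "$work/doc.odt" 2>/dev/null || return 1

    # A modified document must fail verification, or the signature is meaningless.
    printf 'tampered\n' >> "$work/doc.odt"
    if gpg --batch --quiet --verify "$work/doc.odt.sig" "$work/doc.odt" 2>/dev/null; then
        return 1
    fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return 0
}

backup_restore_roundtrip && echo "backup/restore round trip OK"
```

Because the script never touches the real ~/.gnupg (GNUPGHOME points at temporary directories throughout), it is safe to run on the machine that holds the real key. To test an actual backup instead of a generated key, drop the generation step and import the real exported file into the empty GNUPGHOME.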

PlexSheep@feddit.de 11 points 1 year ago

That's correct, if you're not working with a pure mathematical private key. Any common format contains the information to get the public key; in fact, that's how the public key is generated.

Extrasvhx9he 5 points 1 year ago

Really appreciate your help. I will continue to test everything out with the testing key pair I made, but I believe you're right regarding just needing the private/secret key. As for backups, I'll just use the same methods as my password manager vault and keyfile backups. Thanks again.

zerbey@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

Been using PGP for years, everything you said is correct. Create two keys so you have an extra one and make sure your second key is able to decrypt all files (just add it as a recipient).

Synthead@lemmy.world 1 points 1 year ago

You can back up your public and private keys, like you would with SSH.