Asklemmy

43336 readers

778 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS

What to backup so I can keep digitally signing with a gpg key pair (lemmy.today)

submitted 1 year ago* (last edited 1 year ago) by Extrasvhx9he@lemmy.today to c/asklemmy@lemmy.ml

2 comments fedilink hide all child comments

Hey so I'm new to the world of gpg/pgp. Using a test gpg key pair I created, the goal was to digitally sign a odf so I was wondering what do I backup so I could keep signing digitally using this key in case shit hits the fan and my computer no longer works? Using seahorse, I perfer it to the terminal, the options are to either export the public key or the secret key and I'm honestly confused should I do both or just the secret key? I did notice people also just take a copy of their .gnupg directory but I feel thats just to backup all of their keys including imported ones rather than a singular one. Any help is appreciated preferably as if you were talking to a 5 year old

The TLDR: Just created a gpg key pair now how do I back it up?

top 2 comments

sorted by: hot top controversial new old

[–] planetaryprotection@midwest.social 0 points 1 year ago (1 children)

In practice, I believe the private key should contain the public key (or at least sufficient data to recover it): https://superuser.com/questions/814409/gnupg-opengpg-recovering-public-key-from-private-key#814421

I believe you only need your private key to sign files so, technically you only need to back up the private key, but you should test this to be sure it fits your use case.

Depending on how you're backing things up, and what your security goals are, remember that backing up a private key may involve putting that private key on somebody else's computer - i.e. if you use a remote git repo, or cloud backup service, or even send the key to your own (different) machine over an insecure network. Make sure that you've got a way of securely backing up your private key, otherwise you may undermine the whole cryptography thing anyways :).

As always, you should test by backing up your key(s) and then testing that you can actually restore them and successfully sign a file. Backups are only as good as the last time you tested restoring from them.

[–] PlexSheep@feddit.de 0 points 1 year ago

That's correct. If you're not working with a pure mathematical private key. Any common format contains the information to get the public key, in fact, that's how the public key is generated.