Backup or transfer your keys

You don't want to lose your keys. But it can still happen: just think of drive failures or physical damage to your computer in the unlikely case of a fire or whatever other disasters may strike. We highly encourage users to create a backup of their keys and keep it in a safe place.

  1. Backup single key
  2. Backup all keys
  3. Backup gnupg folder (experts only)
  4. Transfer keys to another machine
  5. Recover gnupg folder from machine backup

1. Backup single key

  1. open GPG Keychain
  2. select the key you want to back up
  3. click "Export" in the toolbar
  4. the filename is the KeyID of your key (can be adjusted if you like)
  5. to include the secret key, activate "Allow secret key export" (only do this if you need to transfer your key to another machine; never email your secret key anywhere)
  6. after clicking "Save" you'll find a file that looks like 123456789KeyID.asc

2. Backup all keys

  • open GPG Keychain
  • select the keys you want to back up or hit cmd + A to select all keys

  • click "Export" in the Toolbar or right-click and select Export or use the menu File > Export

  • enter a name like "BackupKeys Year-Month-Day"
  • if you also want to include the secret keys, make sure to tick the "Allow secret key export" option

3. Backup gnupg folder (experts only)

  1. open the Finder
  2. hit Shift + CMD + G
  3. paste the following: ~/.gnupg
    (If you look for this location on an external hard drive, it is located in Macintosh HD/Users/YourUsername/.gnupg.) To show hidden files, enter the following command in Terminal.app and press Enter:
      defaults write com.apple.finder AppleShowAllFiles YES
    then paste the following and press Enter again:
      killall Finder
    To hide hidden files again, repeat these steps with NO instead of YES.
  4. copy that folder to the target location, which could be a new Mac to which you want to transfer existing information

4. Transfer keys to another machine

You can use any of the above methods for this. On the new machine you need to import the exported files with GPG Keychain. After that all your keys should show up. Double check that all sec / pub keys were correctly transferred before deleting the backup and the source files on the first machine.

The validity of sec/pub keys will be set to "Unknown" after any import, even if the validity was "Ultimate" before you exported the keys. To change the validity of your sec/pub key, double-click it and select the desired validity in the key inspector.

Important: Never use e-mail or cloud services to transfer secret keys. Transferring all your public keys using those two methods is not recommended either. Instead, use a USB drive.
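
One way to do the double check described above from Terminal, as an added example that is not GPGTools code: it compares a key listing taken on the old machine with one taken on the new machine and prints every primary key (public or secret) that did not arrive. The file names check_keys.sh and listing.txt are hypothetical, and the listings inside demo are constructed sample data.

```shell
#!/bin/sh
# Added example, not GPGTools code. Make one listing per machine with:
#   { gpg --list-keys --with-colons --fingerprint
#     gpg --list-secret-keys --with-colons --fingerprint; } > listing.txt

# Print "pub <fpr>" / "sec <fpr>" for each primary key in listing file $1.
# Only the fpr record directly after a pub/sec record is the primary key's
# fingerprint (field 10); fpr records after sub/ssb belong to subkeys.
key_fingerprints() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { kind = $1; next }
        $1 == "fpr" && kind != ""  { print kind, $10 }
        { kind = "" }
    ' "$1" | sort -u
}

# Print keys listed in $1 (old machine) that are absent from $2 (new machine).
missing_keys() {
    new_list=$(mktemp) || return 2
    key_fingerprints "$2" > "$new_list"
    key_fingerprints "$1" | awk -v new="$new_list" '
        BEGIN { while ((getline line < new) > 0) seen[line] = 1 }
        !($0 in seen)
    '
    rm -f "$new_list"
}

# Constructed sample listings: the secret part of key A never reached the
# new machine, so only its public key shows up there.
demo() {
    old=$(mktemp); new=$(mktemp)
    cat > "$old" <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1500000000::0::Alice Example <alice@example.org>:
sub:u:4096:1:1111111111111111:1500000000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
    sed '/^sec:/,$d' "$old" > "$new"
    missing_keys "$old" "$new"    # reports secret key A as missing
    rm -f "$old" "$new"
}

# Real use: sh check_keys.sh old-listing.txt new-listing.txt
if [ "$#" -eq 2 ]; then missing_keys "$1" "$2"; fi
```

Empty output means every primary key from the old listing is present on the new machine; the listings contain only fingerprints and user IDs, no secret key material.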

5. Recover gnupg folder from machine backup

If your hard drive dies and you need to recover keys from a Time Machine backup, here are the steps to do that. Once you've located the .gnupg folder you can proceed at step 3). Time Machine saves data into a folder called "Backups.backupdb". There you'll find a folder called "YourComputername" containing sub-folders named by date and a folder called "latest". In the latest folder you'll find a file structure similar to the one on your Mac hard drive: Macintosh HD/Users/YourUsername/.gnupg. To be able to view the ".gnupg" folder, make sure to show hidden files.