Backup or transfer your keys

You don't want to loose your keys. But it still can happen - just think of drive failures or physical damage to your computer in the unlikely case of a fire or whatever other disasters may strike. We highly encourage users to create a backup of their keys and keep that in a save place.

Backup single key

  1. select key to backup
  2. click 'Export' icon in the toolbar or press ⌘E
  3. to include the secret key, enable "Include secret key in exported file" option (only necessary to transfer your key to another computer or create a backup in a secure location. never send your sec key via email!)
  4. click 'Save'
  5. with the default options you'll end up with a key in the following format Name (keyID) – Public.asc or Name (keyID) – Secret.asc in case you opted to also export your secret key

Backup all keys

  1. select keys you want to backup or press ⌘A to select all keys
  2. click 'Export' icon in the toolbar or press ⌘E
  3. to also export secret keys tick option to Include secret key in exported file
  4. the default filename is YYYY-MM-DD 123 OpenPGP Keyswhere 123 is the number of the exported keys

Backup gnupg folder

  1. open Terminal.app
  2. copy paste the following command: cp -R ~/.gnupg/ ~/gnupg_backup and press enter

A folder called gnupg_backup has been created in your user folder.

To restore from the backup folder:

  1. close Mail.app and GPG Keychain.app
  2. open Terminal.app
  3. make sure that no automatically created .gnupg folder exists by executing the following command. In case a folder exists, it will be moved to ~/.gnupg.old
    if [[ -d ~/.gnupg ]]; then mv ~/.gnupg ~/.gnupg.old; fi
  4. Restore old backup with the following command:
    mv ~/gnupg_backup ~/.gnupg

Transfer keys to another computer

You can use any of the above methods for this. On the new machine you need to import the exported files with GPG Keychain. After that all your keys should show up. Double check that all sec / pub keys were correctly transferred before deleting the backup and the source files on the first machine.

The validity of sec/pub keys will be set to "Unkown" after any import. It doesn't matter that the validity maybe was "Ultimate" before you exported the keys. To change the validity of your sec/pub key, double click it and select the wanted validity in the key inspector.

Important: Never use email or cloud services to transfer secret keys. Also transfer of all your public keys is not recommended using those two methods. Instead use a USB-drive.

Recover gnupg folder from backup

When you need to find the .gnupg folder on a backup you have on an external drive, it is normally located at 'Macintosh HD/Users/YourUsername/.gnupg'. .gnupg is a hidden folder. In order to show hidden files

  1. open Terminal.app
  2. paste defaults write com.apple.finder AppleShowAllFiles YES and press enter
  3. then paste killall Finder and press enter

To unshow hidden files, repeat steps with NO instead of YES.

To recover your keys from a time machine backup

  1. time machine safes data into a folder called 'Backups.backupdb'
  2. search for a folder called 'YourCompuername' containing sub-folders with date and a folder called 'latest'
  3. the file structure in the 'latest' folder is similar to the one on your mac hard-drive: Macintosh HD/Users/YourUsername/.gnupg. To view the .gnupg folder, ensure to show hidden files.