Backup or transfer your keys

No one wants to loose keys, neither in real life nor digitally. Yet it can still happen: drive failures, physical damage to your computer in the unlikely case of a fire or whatever other disasters may strike.

Thus we highly encourage users to create a backup of their keys and store it in a secure location.

Backup single key

  1. select key to backup
  2. click Export icon or press ⌘E
  3. to include the secret key enable Include secret key in exported file option (do this only to transfer your key to another computer or create a backup - never send your secret key via email).
  4. click Save
  5. following defaults a file with the following format Name (keyID) – Public.asc or Name (keyID) – Secret.asc in case you opted to also export your secret key will be created

Backup all keys

  1. select keys to backup or press ⌘A to select all keys
  2. click Export icon or press ⌘E
  3. to include secret keys tick option to Include secret key in exported file
  4. the default filename is YYYY-MM-DD 123 OpenPGP Keys where 123 is the number of exported keys

Transfer keys to another computer

You can use any of the above methods for this. On the new machine import the exported files with GPG Keychain. After that all your keys should show up. Double check that all sec/pub keys were correctly transferred before deleting the backup or the source files on the old mac.

The validity of sec/pub keys will be set to Unkown after import. It doesn't matter that the validity was set to Ultimate on the old mac. To change the validity of your sec/pub key, double click it and select the desired validity.

Important 1: Never use email or cloud services to transfer secret keys. Also transfer of your public keys is not recommended using those methods. Use a USB-drive or other local sync mechanism instead.

Important 2: If you use the same sec/pub keys on more than one mac, make sure to update or change your keys only on one machine and then always transfer the updated key to your other macs. Never change the same key on two different macs since then the key will be out of sync and that can cause all sorts of trouble. Trust us, you do not want to go down that road.

Recover gnupg folder from backup

The .gnupg folder on a backup is usually located at Macintosh HD/Users/YourUsername/.gnupg. .gnupg is a hidden folder. To show hidden files:

  1. open Terminal
  2. paste defaults write com.apple.finder AppleShowAllFiles YES and press enter
  3. then paste killall Finder and press enter

To hide hidden files again repeat steps with NO instead of YES.

To recover your keys from a time machine backup:

  1. time machine stores data into a folder named Backups.backupdb
  2. search for a folder named YourComputername´ containing sub-folders with date and a folder calledlatest`
  3. the file structure in the latest folder is similar to the one on your mac hard-drive: Macintosh HD/Users/YourUsername/.gnupg. To view the .gnupg folder, ensure to show hidden files.

Backup gnupg folder (experts only)

  1. open Terminal
  2. copy paste the following command: cp -R ~/.gnupg/ ~/gnupg_backup and press enter

The messages about Operation not supported on socket are expected and not a problem. A folder called gnupg_backup has been created in your user folder.

To restore from the backup folder:

  1. close Mail and GPG Keychain
  2. open Terminal
  3. make sure that no automatically created .gnupg folder exists by executing the following command. In case a folder exists, it will be moved to ~/.gnupg.old
    if [[ -d ~/.gnupg ]]; then mv ~/.gnupg ~/.gnupg.$(date "+%y%m%d%H%M%S").old; fi
  4. Restore old backup with the following command:
    mv ~/gnupg_backup ~/.gnupg