GPG Key Backup and Migration 09/09/25

GPG keys are critical for encryption, signing, and identity verification. Whether you're migrating between systems or just want a proper backup strategy, here's how to export and import your GPG keys safely.

The Problem

You need to:

The Solution

1. Export Your Keys

As the original user, export all your keys to text files:

Export public keys:

gpg -a --export > mypubkeys.asc

Export private keys:

gpg -a --export-secret-keys > myprivatekeys.asc

Export trust database (optional but recommended):

gpg --export-ownertrust > otrust.txt

The -a flag creates ASCII-armored output (base64 encoded), making the files portable across different systems.

2. Transfer the Files

Move these files to where the new user can access them. Keep security in mind—private keys should never be shared via email or stored in world-readable locations like /tmp, even though they're encrypted and require your passphrase.

3. Import on the New System

As the new user, import the keys:

gpg --import myprivatekeys.asc
gpg --import mypubkeys.asc

Import trust database:

gpg --import-ownertrust otrust.txt

Verify the import:

gpg -K  # List private keys
gpg -k  # List public keys

4. Test Everything

Test that encryption and decryption work:

gpg -er USERID somefile.txt  # Encrypt
gpg -d somefile.txt.gpg      # Decrypt

Important: Decryption and signing operations require the user to own the terminal. Don't use su to switch users—login directly via SSH or console instead.
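
Steps 1 and 2 as one script, added here as an example (not the author's code): it runs the three export commands under umask 077, rejects a backup that group or others can read, and checks that myprivatekeys.asc really holds the secret keys in the keyring. The function names are hypothetical, and it assumes a GnuPG 2.x release that supports --show-keys.

```shell
#!/bin/sh
# Added example: back up the keyring with owner-only permissions and verify it.
# gpg_backup, owner_only and primary_fprs are hypothetical names, not GnuPG's.

# Print primary-key fingerprints from a colon-format listing on stdin.
primary_fprs() {
    awk -F: '$1 == "sec" || $1 == "pub" { p = 1 }
             $1 == "fpr" && p { print $10; p = 0 }' | sort
}

# Succeed only if no group/other permission bit is set on any argument.
owner_only() {
    for f in "$@"; do
        [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ] || return 1
    done
}

# Export public keys, secret keys and ownertrust into DIR, then verify.
gpg_backup() {
    dir=$1
    (
        umask 077                      # new files 0600, new directories 0700
        mkdir -p -- "$dir" && cd -- "$dir" || exit 1
        gpg -a --export > mypubkeys.asc &&
        gpg -a --export-secret-keys > myprivatekeys.asc &&
        gpg --export-ownertrust > otrust.txt || exit 1
        # Fails for a pre-existing directory or file that others can read.
        owner_only . mypubkeys.asc myprivatekeys.asc otrust.txt || exit 1
        # A redirect creates the file even when nothing was exported, so
        # compare the fingerprints inside the backup with the live keyring.
        want=$(gpg --batch --with-colons --list-secret-keys | primary_fprs)
        got=$(gpg --batch --with-colons --show-keys myprivatekeys.asc | primary_fprs)
        [ -n "$want" ] && [ "$want" = "$got" ]
    )
}

# Run only when a target directory is given, e.g.: sh gpg-backup.sh ~/gpg-backup
if [ "$#" -eq 1 ]; then
    gpg_backup "$1" && echo "backup verified in $1"
fi
```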

Key Takeaways

This approach works across different Unix systems and provides a complete backup solution for your GPG identity.