create gpg key then backup and restore
( created: 2025-05-10 @jakarta / updated: 2025-05-10 )
i just recently re-setup my macbook and want to set up gpg signing again. but unfortunately, i forgot to back up my last key, so dumb, i lost it. i do have a backup of my old key, but it already expired in january 2025. so here it is.
wait, for the complete tutorial, read man gpg.
install gnupg
- mac os:
$ brew install gnupg
- linux:
$ # compile it yourself if you're brave
fun fact: gpg was started by zimmermann back in 1991, and the usa govt categorized it as a munition (military stuff).
create gpg key
simplest way: just run gpg --full-generate-key
then follow the prompts.
*only available on gpg ^2.1.17
my good defaults: simply follow their default duh.
- type of key: ecc (sign and encrypt)
- elliptic curve: curve 25519
- expiry: 5y (fun and not too long)
- real name: <your real name>
- email address: <your email addr>
- comment: <i leave it empty>
- passphrase: <up to you, secure to have>
list gpg keys
run gpg --list-keys
view public key
run gpg --export -a <ID>
view private key
run gpg --export-secret-keys -a <ID>
backup gpg keys
backup of gpg keys is basically just backing up the public key and private key.
important: save it somewhere safe, don't leak the privkey.
- backup pubkey:
gpg --export -a <ID> > pubkey.asc
- backup privkey:
gpg --export-secret-keys -a <ID> > privkey.asc
restore gpg keys
it's the reverse. we just need to re-import.
- restore pubkey:
gpg --import pubkey.asc
- restore privkey:
gpg --import privkey.asc
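check the backup before you trust it: the script below is an added example, not part of the original post. it imports pubkey.asc and privkey.asc into an empty throwaway keyring and confirms the secret key with the expected fingerprint comes back. the function names (secret_fpr, verify_backup, demo_roundtrip) are made up for this example, and the demo key with its empty passphrase and test@example.invalid address is constructed.

```sh
#!/bin/sh
# added example: prove that pubkey.asc / privkey.asc really restore the key.
# everything runs in throwaway GNUPGHOME dirs; the real keyring is never touched.

# print the fingerprint of the first secret key in keyring $1 (empty if none)
secret_fpr() {
    gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_backup <expected-fingerprint> <pubkey.asc> <privkey.asc>
# imports both files into an empty keyring, succeeds only if the secret key is back
verify_backup() {
    scratch=$(mktemp -d) || return 2
    gpg --homedir "$scratch" --batch --quiet --import "$2" "$3" 2>/dev/null || true
    restored=$(secret_fpr "$scratch")
    gpgconf --homedir "$scratch" --kill gpg-agent 2>/dev/null || true
    rm -rf "$scratch"
    [ -n "$restored" ] && [ "$restored" = "$1" ]
}

# constructed demo: throwaway key with an empty passphrase (assumption, only so
# the demo needs no prompt), backed up with the page's two export commands
demo_roundtrip() {
    src=$(mktemp -d) && out=$(mktemp -d) || return 2
    gpg --homedir "$src" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'backup test <test@example.invalid>' ed25519 sign 1d \
        2>/dev/null || { rm -rf "$src" "$out"; return 2; }
    id=$(secret_fpr "$src")
    gpg --homedir "$src" --batch --export -a "$id" > "$out/pubkey.asc"
    gpg --homedir "$src" --batch --pinentry-mode loopback --passphrase '' \
        --export-secret-keys -a "$id" > "$out/privkey.asc"
    rc=0; verify_backup "$id" "$out/pubkey.asc" "$out/privkey.asc" || rc=$?
    gpgconf --homedir "$src" --kill gpg-agent 2>/dev/null || true
    rm -rf "$src" "$out"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then
    demo_roundtrip && echo "backup restores ok"
fi
```

for a real backup, source the file and run verify_backup with the fingerprint shown by gpg --list-keys plus your two .asc files, before wiping the old machine.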