This dawned on me just a while ago.

After installing Kubuntu 7.04 Beta on my machine and trying to reconfigure Enigmail for Mozilla Thunderbird, I didn’t notice at first that I had made a big mistake, because I could still get my public key. However, when I tried to encrypt messages, that’s where I started to realize that I cannot recover the private (or secret) key when it’s lost!

Retracing my steps, I lost it when I reformatted a partition during Kubuntu’s install process. Apparently the secret key is stored in my home directory, in one of the database files gpg made during key generation.

So I am now going through the inconvenience of creating another set of keys, uploading the public key to the keyservers, and then reconfiguring my Launchpad account to accept the new key and cancel the old one. Apparently I cannot create a revocation certificate for the old public key since it needs the private key to create it, so I just have to inform everyone I know that I changed my public key.

(I will not discuss the process of creating keypairs and uploading them to the keyservers anymore, since a lot of utility programs can do this.)

How do we go about creating a backup of our keypairs?

  1. Use gpg --list-keys to get a list of the keys stored on the machine. To store this to a file, redirect the output to your desired path and filename:

     gpg --list-keys > /path/to/<filename>

  2. Take note of the ID of the key you want to back up. The output file from the previous step should contain a line that looks something like: pub 1024D/1234ABCD... The hexadecimal code following the slash character is the corresponding key ID, 1234ABCD in our example. We will use this value as the key ID in the succeeding steps.

  3. Export the public key using the following command. You should be able to view the contents of the public key when you open the specified file:

     gpg -ao /path/to/<filename> --export 1234ABCD

  4. Export the private key using the following command. You should be able to view the contents of the private key when you open the specified file:

     gpg -ao /path/to/<filename> --export-secret-keys 1234ABCD

  5. Create a revocation certificate using the following command. You need this in case you want to revoke the corresponding public key:

     gpg -ao /path/to/<filename> --gen-revoke 1234ABCD

I make sure that these files are placed somewhere else on my hard disk (and on removable media), so that I am still able to restore them after a reformat.

To restore the keys, we need to do the following:

     gpg --import /path/to/<filename>
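The backup and restore steps above, collected into one script as an added example (not from the original post). It assumes gpg is installed, parses the `pub 1024D/1234ABCD` line layout shown in step 2 (newer GnuPG versions print a different layout unless `--keyid-format short` is given), and the file names under the backup directory are my own choice.

```shell
#!/bin/sh
# Added example: back up one GnuPG keypair plus its revocation certificate,
# and restore the pair later. Assumes gpg is installed; file names are assumed.
set -eu

# Extract the short key ID from a "pub" line of `gpg --list-keys` output,
# e.g. "pub   1024D/1234ABCD 2007-03-25" -> "1234ABCD" (layout from the post).
key_id_from_pub_line() {
  printf '%s\n' "$1" |
    sed -n 's/^pub[[:space:]]*[0-9A-Za-z]*\/\([0-9A-Fa-f]*\).*/\1/p'
}

# Write the three backup files for key $1 into directory $2.
# The secret key and the revocation certificate are made readable only by
# the owner; keep them apart from the public key and off the partition you
# plan to reformat.
backup_key() {
  keyid=$1; dir=$2
  mkdir -p "$dir"
  gpg -ao "$dir/$keyid.pub.asc" --export "$keyid"
  gpg -ao "$dir/$keyid.sec.asc" --export-secret-keys "$keyid"
  gpg -ao "$dir/$keyid.rev.asc" --gen-revoke "$keyid"   # prompts interactively
  chmod 600 "$dir/$keyid.sec.asc" "$dir/$keyid.rev.asc"
}

# Import the public and secret key from a backup directory. The revocation
# certificate is deliberately not imported: importing it revokes the key.
restore_key() {
  keyid=$1; dir=$2
  gpg --import "$dir/$keyid.pub.asc" "$dir/$keyid.sec.asc"
}

# Usage: sh backup-gpg.sh <keyid> <backup-dir>   (restore: call restore_key)
if [ "$#" -eq 2 ]; then
  backup_key "$1" "$2"
fi
```

Only import the revocation certificate when you actually want the key revoked, then push the revoked public key to the keyservers.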

Now we don’t have any reason to say that we lost our keys again, do we?

Posted Sunday, March 25th, 2007 at 5:39 pm
Filed Under Category: Linux, Technology, Web