3

I am using GnuPG 2.2.20 to create my key pair.

I have successfully created a key pair, now I want to create a backup copy in case of HDD failure.

Following the instruction here, I have tried

gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup MYEMAIL@MYDOMAIN.com

but only the private key is exported.

So for now I have:

  1. Exported the private key

gpg --export-secret-keys --armor MYEMAIL@MYDOMAIN > private.asc

  2. Exported the public key

gpg --export --armor MYEMAIL@MYDOMAIN > public.asc

Questions:

  1. What is the correct command to backup my key pair?

  2. Where should I keep the backup? Since the private key is in plain text, should I further encrypt it with a password of mine?

robertspierre
  • 1
    The PGP and GPG private key format (both internal and exported) includes the public key data, always. (This is also true in much other PKC, but not all.) The private key is not plaintext, it is encrypted with a password -- which in fact you must re-enter to do the export though maybe not if you have previously used that key within the lifetime of your agent (usually the same login session). Are you confusing the armor _format_ with plaintext? It's not. – dave_thompson_085 Jan 29 '21 at 02:35
  • @dave_thompson_085 thanks :) so I only need to save the private key. When I exported the private key, it asked for the password. So I thought that the key was decrypted with the password and then exported. If the key is exported encrypted with the password, why is it asking me for the password to export it in the first place? – robertspierre Jan 29 '21 at 03:09
  • 1
    GnuPG 2.2 export re-encrypts (with the same password) because it must reformat the key from its internal form to the OpenPGP form; see https://security.stackexchange.com/questions/230450/generating-multiple-gpg-private-keys-for-provenance – dave_thompson_085 Jan 30 '21 at 00:19

1 Answer

2

What is the correct command to backup my key pair?

You got it right. Exporting the secret key does export the key pair. The PGP private key includes the public key. Just as @raffaem said in his comment.

Also, in regards to the actual key data itself, an RSA or ECC public key can be derived from its corresponding private key.

Where should I keep the backup? Since the private key is in plain text, should I further encrypt it with a password of mine?

You should always encrypt these backups. But you don't need to "further encrypt" anything. GPG will do password-based encryption for you. That's why gpg asks you for a password when it exports the private key. The private key is only exported as plaintext if you choose to enter a blank password (viz. not enter a password).

[From the comments] When I exported the private key, it asked for the password. So I thought that the key was decrypted with the password and then exported. If the key is exported encrypted with the password, why is it asking me for the password to export it in the first place?

Because you are choosing the password when you export the key. There is no password before that (unless you lock your keyring with a password, but you will have needed to unlock it for gpg beforehand anyway).

GPG takes the private key, asks you for a password, and uses the password to encrypt the private key. Then it outputs the ciphertext private key. It is doing automatically exactly what I think you imagined doing manually when you asked about whether to "further encrypt it with a password of mine".

William Rosenbloom
  • 2
    `GPG takes the private key, asks you for a password, and uses the password to encrypt the private key`. When I run `gpg --export-secret-key`, I have to insert the password I chose when I created the private key. An arbitrary password will not work. So again, what is gpg doing here exactly? If GPG stores on disk the private key encrypted with the password I chose when I created it, why, when I export the key, is it asking for the same password, instead of just dumping what it has stored (which is already encrypted with the password)? – robertspierre Jan 29 '21 at 11:25
  • Point is, GPG is not asking me for "a password". GPG is asking me for "THE password", the one that I have set when I created the private key – robertspierre Jan 29 '21 at 11:58
  • @raffaem Oh ok I understand. That's a good question. I never thought about it. Good practice is to use different passwords in different places, and out of habit I just assume decrypt and recrypt, but I guess maybe you don't need to. Honestly, there's a possibility the developers made the same assumption. It's also possible there's no way to know which private key is yours without the password. I'll look into this. – William Rosenbloom Jan 29 '21 at 16:11
  • 1
    The OpenPGP packet format, which is how exported keys are stored for backup or transfer, requires checksum metadata derived from the unencrypted key material. GnuPG does not store this metadata in its `private-keys-v1.d` secret key files, so it must be generated anew during export. This is why you must enter a passphrase when exporting a passphrase-protected key - GnuPG has to calculate the checksum for inclusion with the exported key material. Note that the exported key itself remains encrypted. – fuzzydrawrings Jun 28 '21 at 18:47
  • In addition to the checksum, there is also string-to-key salt metadata, which is different every time a key is encrypted. – fuzzydrawrings Jun 28 '21 at 18:55
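The two points the thread settles on can be checked directly on the exported file rather than taken on faith: the OpenPGP secret-key packet (RFC 4880 tag 5) begins with the public key MPIs, and its secret part starts with an S2K usage octet that is 0 only when the key is stored in the clear, otherwise 254/255 followed by the cipher id, the S2K type, the hash id and the per-export salt that fuzzydrawrings mentions. The following parser is an added example written for this page; it is not code from the original question, answer or comments, and it is not GnuPG's own code (on a real export, `gpg --list-packets backupkeys.pgp` prints the same fields). It dearmors the file, verifies the armor CRC-24 (which catches a truncated or bit-rotted backup), walks the packets and decodes each secret-key packet. The built-in input is a constructed toy key with fake MPIs and fake ciphertext, used only so the script runs offline; `build_sample`, `inspect_export` and the user id in it are names invented here.

```python
"""Inspect an exported OpenPGP secret key (RFC 4880 packets): public MPIs come first, then the S2K header."""
import base64

PKALGO = {1: "RSA", 16: "ElGamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
S2K = {0: "simple", 1: "salted", 3: "iterated+salted"}
NAMES = {5: "secret key", 7: "secret subkey", 6: "public key", 14: "public subkey", 13: "user id"}

def crc24(data: bytes) -> int:                                    # armor checksum, RFC 4880 section 6.1
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:                                  # strip armor, decode, verify the '=CRC' line
    lines = text.strip().splitlines()[1:-1]                       # drop BEGIN/END lines
    body = [l for l in lines if l.strip() and ":" not in l]       # skip blanks and 'Key: value' header lines
    crc_line = body.pop()
    data = base64.b64decode("".join(body))
    if not crc_line.startswith("=") or crc24(data) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("armor CRC-24 mismatch: export is corrupt or truncated")
    return data

def parse_packets(data: bytes) -> list:                           # (tag, body) pairs; old- and new-format headers
    out, pos = [], 0
    while pos < len(data):
        b = data[pos]; pos += 1
        if not b & 0x80:
            raise ValueError("not a packet header")
        if b & 0x40:                                              # new-format header and length
            tag, l1 = b & 0x3F, data[pos]; pos += 1
            if l1 < 192: length = l1
            elif l1 < 224: length = ((l1 - 192) << 8) + data[pos] + 192; pos += 1
            elif l1 == 255: length = int.from_bytes(data[pos:pos + 4], "big"); pos += 4
            else: raise ValueError("partial body lengths not handled")
        else:                                                     # old-format header, length type in low 2 bits
            tag, n = (b >> 2) & 0x0F, (1, 2, 4, None)[b & 3]
            if n is None: raise ValueError("indeterminate length not handled")
            length = int.from_bytes(data[pos:pos + n], "big"); pos += n
        out.append((tag, data[pos:pos + length])); pos += length
    return out

def read_mpi(body: bytes, pos: int):
    n = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    return int.from_bytes(body[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def describe_secret_key(body: bytes) -> dict:                     # v4 packet: public material, then S2K header
    if body[0] != 4:
        raise ValueError("only v4 key packets handled")
    algo, pos, pub = body[5], 6, []
    if algo in (18, 19, 22):                                      # ECC: curve OID, point, [ECDH KDF params]
        pos += 1 + body[pos]
        m, pos = read_mpi(body, pos); pub.append(m)
        pos += 1 + body[pos] if algo == 18 else 0
    else:                                                         # RSA n,e / ElGamal p,g,y / DSA p,q,g,y
        for _ in range({1: 2, 16: 3, 17: 4}[algo]):
            m, pos = read_mpi(body, pos); pub.append(m)
    usage = body[pos]; pos += 1                                   # 0 = clear, 254/255 = S2K-protected
    info = {"algo": PKALGO.get(algo, algo), "public_mpi_bits": [m.bit_length() for m in pub],
            "s2k_usage": usage, "protected": usage != 0}
    if usage in (254, 255):                                       # cipher id, S2K type, hash id, [salt], [count]
        cipher, s2k_type, hash_id = body[pos:pos + 3]; pos += 3
        info.update(cipher=cipher, s2k=S2K.get(s2k_type, s2k_type), hash=hash_id)
        if s2k_type in (1, 3):
            info["salt"] = body[pos:pos + 8].hex(); pos += 8
        if s2k_type == 3:
            info["s2k_count"] = (16 + (body[pos] & 15)) << ((body[pos] >> 4) + 6)
    return info

def inspect_export(text: str) -> list:                            # one summary dict per packet of an armored export
    out = []
    for tag, body in parse_packets(dearmor(text)):
        d = {"packet": NAMES.get(tag, f"tag {tag}")}
        if tag in (5, 7): d.update(describe_secret_key(body))
        if tag == 13: d["uid"] = body.decode("utf-8", "replace")
        out.append(d)
    return out

# Constructed toy input for offline runs: NOT a real key (fake MPIs, fake ciphertext, fake user id).
def mpi(x: int) -> bytes:
    return x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")

def build_sample(protected: bool = True) -> bytes:
    hdr = lambda tag, n: bytes([0x80 | (tag << 2) | 1]) + n.to_bytes(2, "big")   # old-format, 2-octet length
    pub = bytes([4]) + (0x60000000).to_bytes(4, "big") + bytes([1]) + mpi((1 << 63) | 0x1234) + mpi(65537)
    if protected:   # usage 254, AES-256, iterated+salted SHA-256, 8-byte salt, count, 16-byte IV, ciphertext
        sec = bytes([254, 9, 3, 8]) + bytes(range(8)) + bytes([0xE0]) + bytes(16) + b"\xaa" * 40
    else:           # usage 0 (empty passphrase): secret MPIs in the clear plus 2-octet checksum
        clear = mpi(0xBEEF) + mpi(0xCAFE) + mpi(0xF00D) + mpi(0x1234)
        sec = bytes([0]) + clear + (sum(clear) & 0xFFFF).to_bytes(2, "big")
    uid = b"Alice Example <alice@example.com>"
    return hdr(5, len(pub + sec)) + pub + sec + hdr(13, len(uid)) + uid

def armor(data: bytes) -> str:
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n" + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            + f"\n={crc}\n-----END PGP PRIVATE KEY BLOCK-----\n")
```

To run it against a real backup, call `inspect_export(open("backupkeys.pgp").read())` on the armored file produced by `gpg --armor --export-secret-keys`; on the constructed sample, `inspect_export(armor(build_sample()))` reports an RSA packet whose public MPIs (64 and 17 bits in the toy) precede a usage octet of 254 with an iterated+salted SHA-256 S2K and an 8-byte salt, while `build_sample(protected=False)` reports `protected: False` with usage 0, which is what an export made with an empty passphrase looks like. The salt is why two exports of the same key with the same passphrase differ byte for byte, and the CRC check is the cheap way to confirm a restored backup was not damaged in transit.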