When should I back up my primary OpenPGP key?
I recently generated an OpenPGP key using the following setup (output of gpg2 --list-keys):
pub rsa4096/KEYIDSC 2017-10-19 [SC]
uid [ultimate] My Name <my@mail.com>
sub rsa4096/KEYIDE 2017-10-19 [E]
sub rsa4096/KEYIDS 2017-10-19 [S]
And here is the output of gpg2 --list-secret-keys:
sec# rsa4096/KEYIDSC 2017-10-19 [SC]
uid [ultimate] My Name <my@mail.com>
ssb rsa4096/KEYIDE 2017-10-19 [E]
ssb rsa4096/KEYIDS 2017-10-19 [S]
To sum it up, I store a backup of my primary key offline (sec#) and use the subkeys for signing and encrypting.
Now, suppose I want to add a user ID for (with adduid), I'll import my backup private key and edit it. My questions are now:
- Should I do a new backup of my private key using the export command?
- Do I need to edit the subkeys too? Or did they automatically take into account the addition of the new UID?
- Assuming the subkeys are modified during the process, should I export them to my other computers, or will the old ones continue to do the job?
- I haven't uploaded my key to a keyserver yet; should I do it? Would it automatically solve the bother of exporting the subkeys again as mentioned in the previous question (if such issues exist)?
- What other commands/actions, besides adduid, will require a new backup of my keys?
Please feel free to ask for clarification below; I'll try my best to answer, but take into account that I'm relatively new to OpenPGP.
Thanks very much for your detailed answer, you made me realize I was doing some of the backups wrong. – Louis S. – 2017-10-27T17:03:42.930