[ale] gpg keyring backup / restore

Greg Freemyer greg.freemyer at gmail.com
Tue Jul 21 22:34:46 EDT 2009


Thanks all.

I had not thought about permissions for some reason.

I'll try it in the morning.

Greg

On Tue, Jul 21, 2009 at 9:25 PM, Jeremy T.
Bouse<jeremy.bouse at undergrid.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greg,
>
>        I've not used kgpg before but I'm assuming it uses gpg under the hood.
> Have you attempted to just run 'gpg -K' and see what it says? As
> Brandone mentioned as well, it could be that the permissions and
> ownership of the secring.gpg are messed up. Also check the ~/.gnupg
> directory itself. GPG is rather particular about it's perms and
> ownership for security sake.
>
>        For me ~/.gnupg is chmod 700 and owned by my UID:GID. The
> [pub,sec]ring.gpg files are chmod 600 and again owned by my UID:GID. The
> trustdb.gpg is chmod 640.
>
> Greg Freemyer wrote:
>> Jeremy,
>>
>> My tar file will restore and recreates the .gnupg directory as it was
>> a week ago.
>>
>> The problem is that kgpg does not seem to recognize the files and in
>> turn shows me an empty set of keys.  ie. Somehow it seems to know to
>> ignore these restored keyrings.
>>
>> I'm hoping there is a way to tell kgpg to use the various keyrings I backed up.
>>
>> Greg
>>
>> On Tue, Jul 21, 2009 at 6:58 PM, Jeremy T.
>> Bouse<jeremy.bouse at undergrid.net> wrote:
>> Greg Freemyer wrote:
>>>>> All,
>>>>>
>>>>> I have a tar backup of my .gnupg directory.
>>>>>
>>>>> Not sure how, but that directory seems to have become corrupt and gpg
>>>>> is not showing any keys.
>>>>>
>>>>> I hoped (assumed) I could just restore the tar file and all would be good.
>>>>>
>>>>> Seems not to be true.
>>>>>
>>>>> Is there a work around?  In particular, I did not export my private
>>>>> key and back it up as an ascii file, so ...
>>>>>
>>>>> Thanks
>>>>> Greg
>>        I'm afraid that if your existing .gnupg directory contents are corrupt
>> and the tarball you created is unable to restore it sounds like you're
>> GPG key is lost to the big bit bucket in the sky and you'll have to
>> generate a new key. There's no way to regenerate the private key which
>> is why it's so important to make a backup.
>>
>> I've been told that I'm a little bit anal about my GPG key security. You
>> can read my GPG key policy (http://undergrid.net/legal/gpg) if you want
>> to decide for yourself.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iF0EARECAB0FAkpmaqIWGGhrcDovL3N1YmtleXMucGdwLm5ldAAKCRCagQNPdb5V
> Oe0TAKCA9WH5FlVU0d0YgnhnvPdBXoJXHgCgm7CFTNCttXT3F/TIQ41zbK9en8w=
> =jtdi
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
Preservation and Forensic processing of Exchange Repositories White Paper -
<http://www.norcrossgroup.com/forms/whitepapers/tng_whitepaper_fpe.html>

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com



More information about the Ale mailing list