Welcome to Part 5 of the GPG/PGP Key series.

What we will learn: This is one of the most important parts of the entire series. We will learn how to manage our GPG keys: backing them up, restoring them, and revoking them (if the need arises). This part really should have come well before the other parts of the series. For some reason, I completely lost sight of it.

Step 1: Backing up your private/public keys

One of the first things to do once we generate our private/public keypair (as we saw in Part 1) is to back it up, so that we can restore the keys if our machine crashes or we change computers. For example, if you buy a new laptop and are going to use it for all your work in future, you need to transfer those keys to the new computer.

List your keys first.

# gpg --list-keys

/root/.gnupg/pubring.gpg
------------------------
pub   1024D/EE6E8046 2009-02-20
uid                 Bill Till (My GPG key) <test@abc.com>
sub   2048g/AE3B1BD4 2009-02-20

pub   1024D/E4635BBE 2009-03-16
uid                  John Doe (My first key) <gpg@abc.com>
sub   2048g/0AC353C2 2009-03-16

Select the KeyID which belongs to you. In this case it is EE6E8046.

To back up your public key, give the following command:

#  gpg -ao mypub.key --export EE6E8046

This will create a file called “mypub.key”

To back up your private key, give the following command:

#  gpg -ao myprivate.key --export-secret-keys EE6E8046

This will create a file called “myprivate.key”

Now store these two files (mypub.key and myprivate.key) on a floppy disk, CD or USB drive and put it away in a secure and safe place.

Generate a revocation key

I will explain later (step 3) why we need to do this step. For now simply give the following command:

# gpg --output myrevoke.key --gen-revoke  EE6E8046

and answer the few questions that will be presented to you. You will also be asked for your passphrase. Once done, you should store the “myrevoke.key” file in a safe place, preferably on a floppy or a CD, and put it away.
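A quick check before the media goes into storage, as an added example that is not part of the original article: it confirms that each of the three files holds what its name says (a common slip is exporting the public key twice) and that the secret key and revocation file are readable only by their owner. The function names and the backup directory are assumptions; the file names are the article's.

```shell
#!/bin/sh
# Added example: create and sanity-check the Step 1 backup files.

# make_backup KEYID DIR: the article's three commands, run with umask 077
# so the files are created owner-only. --gen-revoke asks its questions as usual.
make_backup() {
    ( umask 077 && mkdir -p "$2" && cd "$2" &&
      gpg -ao mypub.key --export "$1" &&
      gpg -ao myprivate.key --export-secret-keys "$1" &&
      gpg --output myrevoke.key --gen-revoke "$1" )
}

# armor_type FILE: print the type named in the first ASCII-armor header line.
armor_type() {
    sed -n 's/^-----BEGIN PGP \(.*\)-----$/\1/p' "$1" | head -n 1
}

# check_backup DIR: print one line per problem; return 0 only if none found.
# gpg writes a revocation certificate under a PUBLIC KEY BLOCK header.
check_backup() {
    dir=$1; problems=0
    for spec in "mypub.key:PUBLIC KEY BLOCK" \
                "myprivate.key:PRIVATE KEY BLOCK" \
                "myrevoke.key:PUBLIC KEY BLOCK"; do
        file=$dir/${spec%%:*}; want=${spec#*:}
        if [ ! -s "$file" ]; then
            echo "missing or empty: $file"; problems=$((problems + 1)); continue
        fi
        got=$(armor_type "$file")
        if [ "$got" != "$want" ]; then
            echo "wrong content in $file: expected '$want', found '${got:-no armor header}'"
            problems=$((problems + 1))
        fi
    done
    # Group and other permission bits must all be clear on the sensitive files.
    for f in myprivate.key myrevoke.key; do
        [ -e "$dir/$f" ] || continue
        perms=$(ls -l "$dir/$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "too permissive: $dir/$f"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Usage (paths are placeholders):
#   make_backup EE6E8046 /path/to/backup && check_backup /path/to/backup
```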

Step 2: Restoring your GPG key

Now suppose a time comes when you have lost your GPG keys and would like to restore them on the same or another machine. To restore the keys, give the following commands:

# gpg --import myprivate.key

gpg: key EE6E8046: secret key imported
gpg: key EE6E8046: public key "Bill Till (My GPG key) <test@abc.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

# gpg --import mypub.key

gpg: key EE6E8046: "Bill Till (My GPG key) <test@abc.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

# gpg --list-keys

/root/.gnupg/pubring.gpg
------------------------
pub   1024D/EE6E8046 2009-02-20
uid                  Bill Till (My GPG key) <test@abc.com>
sub   2048g/AE3B1BD4 2009-02-20

Congratulations! Your keys have been successfully restored and you can continue to use them as you used to. Thanks to Step 1, where we backed up the keys.

Step 3: Revoking the GPG keys

Just pray that you don’t have to do this step ever because doing this step usually means that:

a) Your private key has been compromised

b) You lost your backup keys

c) You forgot your passphrase (password)

Now suppose you want to revoke your key, which basically means that you are no longer going to use this key in future and would like to inform people on the Internet as well.

First we need to revoke the key locally on your machine:
# gpg --import myrevoke.key
The “myrevoke.key” file is from Step 1.

Now we need to inform everybody on the Internet that we are revoking this key and that people should not use it to send you messages. This can be done by informing the keyservers, just as we did for your newly created public key. To send the revocation information to the keyserver, give the following command:

# gpg --send-keys --keyserver hkp://subkeys.pgp.net EE6E8046

Now anyone who tries to send you a message using your key, which has now been revoked, will get a message. However, one needs to refresh their GPG keyring to get the latest information on the keys. It is also a good idea to refresh your keys on a regular basis so that you have up-to-date information. You can refresh your keys with the following command:

# gpg --refresh-keys --keyserver hkp://subkeys.pgp.net
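To confirm that a revocation has actually reached a keyring after importing myrevoke.key or running --refresh-keys, the following added example (not from the original article) reads gpg's machine-readable --with-colons listing. The key_status function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a key is revoked, using the output of
# `gpg --list-keys --with-colons` rather than the human-readable listing.

# Constructed sample listings (not real gpg output): the 16-digit key IDs
# are made up so that they end in the article's short key IDs.
SAMPLE_BEFORE='pub:u:1024:17:AAAAAAAAEE6E8046:1235088000:::u:::scESC:
uid:u::::1235088000::::Bill Till (My GPG key) <test@abc.com>:
sub:u:2048:16:BBBBBBBBAE3B1BD4:1235088000::::::e:'
SAMPLE_AFTER='pub:r:1024:17:AAAAAAAAEE6E8046:1235088000:::u:::sc:
uid:r::::1235088000::::Bill Till (My GPG key) <test@abc.com>:
sub:r:2048:16:BBBBBBBBAE3B1BD4:1235088000::::::e:
pub:-:1024:17:CCCCCCCCE4635BBE:1237161600:::-:::scESC:
uid:-::::1237161600::::John Doe (My first key) <gpg@abc.com>:
sub:-:2048:16:DDDDDDDD0AC353C2:1237161600::::::e:'

# key_status KEYID: read a --with-colons listing on stdin and print one of
# "revoked", "expired", "not revoked" or "missing" for the primary key whose
# ID ends in KEYID. In "pub" records field 2 is the validity ("r" = revoked,
# "e" = expired) and field 5 is the long key ID.
key_status() {
    awk -F: -v id="$1" '
        BEGIN { id = toupper(id); status = "missing" }
        $1 == "pub" && length($5) >= length(id) &&
        toupper(substr($5, length($5) - length(id) + 1)) == id {
            if ($2 == "r") status = "revoked"
            else if ($2 == "e") status = "expired"
            else status = "not revoked"
        }
        END { print status }
    '
}

# Usage against the real keyring:
#   gpg --list-keys --with-colons EE6E8046 | key_status EE6E8046
```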

Step 4: Deleting a key

Suppose you created too many keys while experimenting with GPG and now you are confused with all the keys around. You would like to delete all but one key. Here is how you can delete the extra keys:

# gpg --list-keys

/root/.gnupg/pubring.gpg
------------------------
pub   1024D/EE6E8046 2009-02-20
uid                 Bill Till (My GPG key) <test@abc.com>
sub   2048g/AE3B1BD4 2009-02-20

pub   1024D/E4635BBE 2009-03-16
uid                  John Doe (My first key) <gpg@abc.com>
sub   2048g/0AC353C2 2009-03-16

Select the KeyID which you would like to delete. In this case it is E4635BBE.

# gpg --delete-secret-and-public-key E4635BBE

The above command removes the key from the private and public keyring. Verify if the key was really deleted:

# gpg --list-keys

/root/.gnupg/pubring.gpg
------------------------
pub   1024D/EE6E8046 2009-02-20
uid                 Bill Till (My GPG key) <test@abc.com>
sub   2048g/AE3B1BD4 2009-02-20

From the above output we see that the key for “John Doe” is no longer there.

That's it! I hope that now you feel that you are in control of your GPG keys and can manage them nicely and in a secure manner.
