How does Kleopatra remember certificates?

Hello there.

I recently installed the full gpg4win package for Windows and created a personal certificate as well as imported a certificate. I then uninstalled the package and reinstalled in a separate mounted file container. To my surprise when I opened the reinstalled Kleopatra both of the previous certificates showed up. How did Kleopatra store these? And how can I remove any traces from my computer?

I connect to the net through random VPN so I’m assuming it’s not tied to my IP. Thank you much for your help.


GnuPG stores your keyrings in:


as pubring.gpg and secring.gpg. I guess that, to avoid accidentally losing your entire certificate and trust store, this folder will not be deleted on uninstallation of the package. Don’t delete the keyrings; you can delete individual certificates within Kleopatra [right-click, context menu].

Once you have established certificates for serious use, you need to export them regularly as you get them signed and build up your “web of trust”, and store them somewhere safe, off your computer in case you lose it or it crashes irretrievably - complete loss would be disastrous as you would then need to start all over again - tedious.


Great reply. Thank you very much!

No worries - glad it helped!