*PSA* - Back up your keys!

I’ve noticed several recent posts asking how to restore GPG functionality after a computer crash.

The bad news is: if you didn’t store a backup of your private key somewhere safe and separate from the PC that crashed, there is NO way* to decrypt data that was encrypted with the corresponding public key!

The good news is: there are a couple of ways to avoid this problem. First: any time you make a new key, immediately make a revocation certificate and a backup copy of the key and store them somewhere safe. Keys can be kept on a disk or even printed and re-entered manually or with OCR software. This way, you can just reinstall GPG and import your old key. If your key is ever compromised, for whatever reason, you will also be able to revoke it. A revoked key can no longer be used for encryption, but it can still be used to verify old signatures.

Second: Don’t encrypt your own data with your key at all. GPG allows for what is known as symmetric encryption. This model does not rely on the public/private key system, but instead encrypts data using just a passphrase which may or may not be shared by you. Therefore you do not need a key to decrypt the data, just the passphrase.

I feel for anyone who has lost data due to decryption problems. I know from experience what that’s like. I urge anyone reading this forum to look into a good password manager program and some form of encrypted off-site storage for your most valuable data backups, whether it’s an external drive or disk stored in a safety deposit box or a cloud-based solution. And speaking of backups…make them! Trust me when I say that the feeling you get when you remember you made a backup is PRICELESS!!! I cannot stress this enough.

Sean C.

*Unless maybe you’re a billionaire with LOTS of time, but even then you probably couldn’t do it.
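
The workflow from the post above, as an added example that is not part of the original post: a throwaway key is created and backed up together with its revocation certificate, the keyring is deleted, and then the symmetric file and the public-key file are each decrypted from a fresh keyring. It assumes GnuPG 2.1.12 or later; the identity, the passphrase and the function names `g`, `check` and `backup_restore_demo` are constructed for the demo.

```shell
#!/bin/sh
# Added demo: throwaway keyrings in a temp dir; identity and passphrase are constructed.
PASS='constructed-demo-passphrase'  # demo only: real passphrases do not belong on argv

# g HOMEDIR ARGS...: run gpg non-interactively against one keyring directory.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --pinentry-mode loopback --passphrase "$PASS" "$@"; }

# check LABEL FILE: report whether FILE matches the original plaintext.
check() { if cmp -s "$work/plain.txt" "$work/$2" 2>/dev/null; then echo "$1: recovered"; else echo "$1: lost"; fi; }

backup_restore_demo() {
  work=$(mktemp -d) || return 1
  old=$work/old; new=$work/new; bak=$work/backup
  mkdir -m 700 "$old" "$new" "$bak" || return 1
  echo 'important data' > "$work/plain.txt"

  # 1. On the PC that will crash: create a key and back it up immediately.
  g "$old" --quick-generate-key 'Demo User <demo@example.invalid>' default default never
  fpr=$(g "$old" --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10; exit }')
  g "$old" --armor --export-secret-keys "$fpr" > "$bak/secret.asc"
  # GnuPG 2.1+ stores a revocation certificate here when the key is created.
  cp "$old/openpgp-revocs.d/$fpr.rev" "$bak/revoke.asc"

  # 2. Encrypt one copy to the public key, one with a passphrase only.
  g "$old" --recipient "$fpr" -o "$work/pub.gpg" --encrypt "$work/plain.txt"
  g "$old" -o "$work/sym.gpg" --symmetric "$work/plain.txt"

  # 3. The crash: the original keyring is gone.
  gpgconf --homedir "$old" --kill gpg-agent 2>/dev/null || true
  rm -rf "$old"

  # 4. Fresh keyring: the symmetric file needs only the passphrase.
  g "$new" -o "$work/sym.out" --decrypt "$work/sym.gpg"
  check 'symmetric file, empty keyring' sym.out
  # The public-key file cannot be decrypted until the backup is imported.
  g "$new" -o "$work/pub1.out" --decrypt "$work/pub.gpg" 2>/dev/null || true
  check 'public-key file, empty keyring' pub1.out
  g "$new" --import "$bak/secret.asc"
  g "$new" -o "$work/pub2.out" --decrypt "$work/pub.gpg"
  check 'public-key file, backup imported' pub2.out
  if [ -s "$bak/revoke.asc" ]; then echo 'revocation certificate: saved'; fi

  gpgconf --homedir "$new" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
}
```

Source the file and call `backup_restore_demo`; it prints one status line per recovery attempt.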

Good idea. I put my secret keys into LastPass to remember them. You can add the text keys and the .asc files and revocation key as well.