this post was submitted on 28 Aug 2023
Asklemmy
In practice, I believe the private key should contain the public key (or at least sufficient data to recover it): https://superuser.com/questions/814409/gnupg-opengpg-recovering-public-key-from-private-key#814421
I believe you only need your private key to sign files, so technically you only need to back up the private key, but you should test this to be sure it fits your use case.
Depending on how you're backing things up, and what your security goals are, remember that backing up a private key may involve putting that private key on somebody else's computer - i.e. if you use a remote git repo, or cloud backup service, or even send the key to your own (different) machine over an insecure network. Make sure that you've got a way of securely backing up your private key, otherwise you may undermine the whole cryptography thing anyways :).
As always, you should test by backing up your key(s) and then testing that you can actually restore them and successfully sign a file. Backups are only as good as the last time you tested restoring from them.
That's correct. If you're not working with a pure mathematical private key. Any common format contains the information to get the public key, in fact, that's how the public key is generated.
Really appreciate your help. I will continue to test everything out with the testing key pair I made, but I believe you're right regarding just needing the private/secret key. As for backups, I'll just use the same methods as my password manager vault and keyfiles backups. Thanks again.
Been using PGP for years, everything you said is correct. Create two keys so you have an extra one and make sure your second key is able to decrypt all files (just add it as a recipient).
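The backup-and-restore test recommended in this thread, as an added example that is not part of any commenter's post: it exports only the secret key, imports it into an empty keyring, confirms the public key came back with it, then signs and verifies a file. It assumes GnuPG 2.1.13 or later; the function name `restore_drill`, the test identity and the temporary paths are constructed for the drill.

```shell
# Restore drill: back up ONLY the secret key, restore it into an empty
# keyring, then check that the public key came back and signing works.
# Everything happens in throwaway GNUPGHOME directories, never your real one.
restore_drill() (
  set -eu
  work=$(mktemp -d)
  cleanup() {
    for h in orig restored; do
      gpgconf --homedir "$work/$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
  }
  trap cleanup EXIT
  mkdir -m 700 "$work/orig" "$work/restored"
  uid='Backup Drill <drill@example.invalid>'   # constructed test identity

  # Empty passphrase only because this key is disposable; a real key keeps
  # its passphrase, and the exported backup stays protected by it.
  g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@" >/dev/null; }

  # 1. Create a throwaway key pair in the "original" keyring.
  g --homedir "$work/orig" --quick-generate-key "$uid" default default never

  # 2. The backup: the secret key export and nothing else.
  g --homedir "$work/orig" --armor --output "$work/secret.asc" --export-secret-keys "$uid"
  [ -s "$work/secret.asc" ]

  # 3. Restore into a keyring that has never seen the public key.
  g --homedir "$work/restored" --import "$work/secret.asc"

  # 4. The public key must now be listed; it was recovered from the secret key.
  g --homedir "$work/restored" --list-keys "$uid"

  # 5. Sign with the restored key and verify the signature.
  echo 'restore test' > "$work/file.txt"
  g --homedir "$work/restored" --output "$work/file.sig" --detach-sign "$work/file.txt"
  g --homedir "$work/restored" --verify "$work/file.sig" "$work/file.txt"

  echo restore-ok
)
```

Call `restore_drill` on its own line; it prints `restore-ok` only if every step succeeded. To drill a real backup, replace steps 1 and 2 with a copy of your backup file and sign with your actual passphrase.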