GPG2 Export and Trust Key



I use GPG2 keys to encrypt backups which are moved over the network. The process is rather standard and roughly the following:


  1. I use GPG2 to create an asymmetric key pair: the public key is used to encrypt the backup; the private key to decrypt it.
  2. Server A (the client):
    • on a regular basis, through a Cron job or a Systemd timer, the client creates a backup and encrypts it with the public key
    • it sends the backup to server B (the host), where the backup is stored
  3. Server B (the host):
    • it stores the encrypted backups
    • the private key can be used to decrypt the backups on an as-needed basis.

These are the steps for generating the key pair, exporting the public key, and importing and trusting it on the client keyring. Trusting the key is important: GPG asks for confirmation before encrypting to an untrusted key, and a script that cannot answer the prompt will fail.

Create the key pair

gpg2 --generate-key

Export the public key

gpg2 --export --armor --output key.asc <key-name>
scp key.asc user@client:~

Import and trust the public key

On the client:

ssh user@client

gpg2 --import key.asc
gpg2 --edit-key <key-name>
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
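
The import-and-trust step above can also be done without the interactive menu, which matters when the client is provisioned by a script. The following is an added example, not part of the original post: it checks the fingerprint of key.asc against a value obtained separately before importing, then sets ultimate trust through `--import-ownertrust`. The function names and the sample key data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). gpg2 is only invoked inside
# import_and_trust; the two helpers are pure text processing.

# Constructed sample of `gpg2 --with-colons --show-keys key.asc` output.
SAMPLE_COLONS='pub:-:255:22:0000111122223333:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
uid:-::::1700000000::0123456789ABCDEF0123456789ABCDEF01234567::Backup Key <backup@example.invalid>::::::::::0:
sub:-:255:18:4444555566667777:1700000000::::::e:::::cv25519::
fpr:::::::::9999888877776666555544443333222211110000:'

# Print the primary key fingerprint: field 10 of the first "fpr" record
# that follows the "pub" record (later "fpr" records belong to subkeys).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Emit an --import-ownertrust record. Ownertrust value 6 is what the
# interactive menu calls "5 = I trust ultimately".
ownertrust_line() {
    case "$1" in
        ''|*[!0-9A-F]*) return 1 ;;   # reject empty or non-hex input
    esac
    [ "${#1}" -eq 40 ] || return 1    # assumes a v4 key (40 hex digits)
    printf '%s:6:\n' "$1"
}

# import_and_trust KEYFILE EXPECTED_FPR
# EXPECTED_FPR must come from the machine that generated the key, over a
# channel other than the one that delivered KEYFILE.
import_and_trust() {
    keyfile=$1
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(gpg2 --batch --with-colons --show-keys "$keyfile" | primary_fpr)
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, key not imported" >&2
        return 1
    fi
    gpg2 --batch --import "$keyfile" || return 1
    ownertrust_line "$actual" | gpg2 --batch --import-ownertrust
}
```

On the client this would be called as `import_and_trust key.asc "<fingerprint>"`, with the fingerprint read from `gpg2 --fingerprint <key-name>` on the machine where the key pair was generated.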