GPG2 Export and Trust Key
Introduction
I use GPG2 keys to encrypt backups that are transferred over the network. The process is fairly standard and roughly the following:
Setup:
- I use GPG2 to create an asymmetric key pair: the public key is used to encrypt the backup; the private key is used to decrypt it.
Operations:
- Server A (the client):
- on a regular basis, through a Cron job or a Systemd timer, the client creates a backup and encrypts it with the public key
- it sends the backup to server B (the host), where the backup is stored
- Server B (the host):
- it stores the encrypted backups
- the private key can be used to decrypt the backups as needed.
These are the steps for generating the key pair, exporting the public key, and importing and trusting it in the client's keyring. Trusting the key matters: when encrypting to a key it does not consider valid, gpg asks for confirmation before using it, and a non-interactive Cron or Systemd job cannot answer that prompt, so the script fails.
Create the key pair
gpg2 --generate-key
Export the public key
gpg2 --export --armor --output key.asc <key-name>
scp key.asc user@client:~
Import and trust the public key
On the client:
ssh user@client
gpg2 --import key.asc
gpg2 --edit-key <key-name>
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
gpg> quit
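The interactive trust menu above is fine when done by hand once, but the same step can be done without a prompt, which is useful when the client is provisioned by a script. The following is an added example, not part of the original post: it imports key.asc, reads the key's fingerprint from gpg's machine-readable output, writes an ownertrust record ("<fingerprint>:6:" is the format gpg's own --export-ownertrust produces, 6 meaning ultimate trust), and then runs a batch-mode test encryption, which exits non-zero instead of prompting if the key is still not considered valid. The key file name and the gpg2/gpg binary lookup are assumptions; the helper names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive import-and-trust
# for a public key, the scripted equivalent of "gpg> trust" then "5".
# Assumes the public key is in the file passed as $1 (e.g. key.asc) and that
# gpg2 or gpg is on PATH on the client.
set -eu

# Normalise a fingerprint (strip spaces, upper-case hex) and emit an
# ownertrust record.  Trust value 6 = ultimate, the same as answering "5"
# in the interactive menu.
ownertrust_line() {
  fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  printf '%s:6:\n' "$fpr"
}

# Sanity check: a v4 OpenPGP fingerprint is exactly 40 hex digits.
# Refuse anything else rather than feed garbage to --import-ownertrust.
valid_fingerprint() {
  case "$1" in
    *[!0-9A-Fa-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# Import the key file, set ultimate ownertrust on its primary key, and
# verify that a batch encryption to it succeeds without a prompt.
import_and_trust() {
  keyfile=$1
  GPG=$(command -v gpg2 || command -v gpg)

  "$GPG" --batch --import "$keyfile"

  # In --with-colons output the "fpr" record carries the fingerprint in
  # field 10; the first one belongs to the primary key.
  fpr=$("$GPG" --batch --with-colons --import-options show-only \
        --import "$keyfile" | awk -F: '$1 == "fpr" { print $10; exit }')
  valid_fingerprint "$fpr" || { echo "unexpected fingerprint: $fpr" >&2; return 1; }

  ownertrust_line "$fpr" | "$GPG" --batch --import-ownertrust
  "$GPG" --batch --check-trustdb

  # Smoke test: with --batch, gpg cannot ask "Use this key anyway?"; it
  # fails instead, which is exactly what a Cron or Systemd job would see.
  printf 'probe\n' | "$GPG" --batch --yes --encrypt \
    --recipient "$fpr" --output /dev/null
  echo "key $fpr imported, trusted and usable in batch mode"
}

# Usage: sh trust-key.sh key.asc
if [ "$#" -gt 0 ]; then
  import_and_trust "$1"
fi
```

Setting ownertrust by fingerprint rather than by name avoids picking the wrong key if several user IDs match, and the final batch encryption is the check worth keeping in any provisioning script: it proves the trust step actually took effect before the first real backup run depends on it.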