This repository has been archived by the owner on Oct 25, 2018. It is now read-only.

gnupg 2.2 split key

Divesh Uttamchandani edited this page May 18, 2018 · 1 revision

Split the key and use a dongle

You can split a key into 3 partial keys, so that any 2 of them can be combined to recreate the original key (but a single one is not enough). EasyGnuPG takes advantage of this to save a partial key on the local machine and another partial on a dongle (usb, removable device). The third partial key is used as a backup, to recover the full key in case that the dongle or the computer is lost.

testuser@laptop:~$ egpg key split

Splitting the key: 155E526BA47364BC

Enter the dongle directory: /media/user/sdb1

 * Backup partial key saved to: /home/user/155E526BA47364BC.key.089
 * Dongle partial key saved to: /media/user/sdb1/.gnupg/155E526BA47364BC.key.113
 * Local  partial key saved to: /home/user/.egpg/.gnupg/155E526BA47364BC.key.129

The key was split successfully. Whenever you need to use the key
(to sign, seal, open, etc.) connect first the dongle to the PC.

Make sure to move the backup out of the PC (for example on the cloud).
You will need it to recover the key in case that you loose the dongle
or the PC (but it cannot help you if you loose both of them).

testuser@laptop:~$ egpg key recover 155E526BA47364BC.key.089

testuser@laptop:~$ egpg key join

Splitting the key into partial keys makes key management safer and more robust. If you lose the dongle, the key is not compromised, because a single partial key is not enough to reconstruct the full key. The same goes for the backup partial key: you can store it in the cloud, and if somebody manages to get hold of it, they still cannot recover your key. Similarly, if you lose the dongle or change the PC, you can still recover the key using the remaining partial key together with the backup partial key.
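The 2-of-3 behaviour described above (any two partial keys rebuild the key, one alone does not) is the threshold property of Shamir secret sharing. The following is an added, self-contained Python example, not EasyGnuPG's own code; the page does not say which backend `egpg key split` uses, so this is an illustration of the scheme rather than of the tool. It splits a constructed byte string standing in for an exported secret key into three shares over a prime field, joins any two of them back, and shows why a lone share is useless: for any candidate secret you name, a single share is consistent with it.

```python
import secrets

# Mersenne prime 2**521 - 1: every value below it is a field element, so a
# secret of up to 512 bits fits in one element. (Assumption of this example;
# a real tool would chunk longer key material.)
PRIME = (1 << 521) - 1


def split_secret(secret: bytes, threshold: int = 2, shares: int = 3):
    """Shamir split: return `shares` points (x, y) on a random polynomial of
    degree threshold-1 whose constant term is the secret."""
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for one field element")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    # coeffs[0] is the secret; the rest are uniformly random (CSPRNG).
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    out = []
    for x in range(1, shares + 1):          # x = 0 is never handed out
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        out.append((x, y))
    return out


def join_shares(shares, secret_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from `threshold` shares.
    Share order does not matter; any two shares of a 2-of-3 split suffice."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = num * (-xj) % PRIME        # (0 - xj)
            den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes(secret_len, "big")


def shares_consistent_with(share, candidate_secret: bytes, shares: int = 3):
    """Why one partial key reveals nothing (2-of-3 case): for ANY candidate
    secret there is exactly one line through (0, candidate) and the held
    share. Return the full share set that line would have produced."""
    x, y = share
    s = int.from_bytes(candidate_secret, "big")
    slope = (y - s) * pow(x, -1, PRIME) % PRIME
    return [(xi, (s + slope * xi) % PRIME) for xi in range(1, shares + 1)]


if __name__ == "__main__":
    # Constructed stand-in for the exported secret key of 155E526BA47364BC.
    key_material = b"constructed-secret-key-bytes-for-155E526BA47364BC"
    backup, dongle, local = split_secret(key_material)

    # Normal use: local + dongle; recovery: local + backup, or dongle + backup.
    assert join_shares([local, dongle], len(key_material)) == key_material
    assert join_shares([local, backup], len(key_material)) == key_material
    assert join_shares([dongle, backup], len(key_material)) == key_material

    # An attacker holding only the dongle share can "explain" any secret.
    decoy = b"a completely different secret of the same length....."
    alt = shares_consistent_with(dongle, decoy)
    assert join_shares(alt[:2], len(decoy)) == decoy
    print("2-of-3 split/join OK; a single share is consistent with any secret")
```

The x-coordinate doubles as the share index, so the three files egpg writes (backup, dongle, local) correspond to the three points; losing any one of them is tolerated, losing two is not, which is exactly the recovery rule the transcript states.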