TL;DR
This guide shows you how to securely backup your GPG private key within KeePassXC using the built-in attachment feature. This protects your key against loss or corruption of your original storage.
Steps
- Export Your GPG Private Key: First, you need a copy of your private key file. Use Gpg4win (or your preferred GPG tool). Open Kleopatra and select File -> Export. Choose a secure location to save the exported key. Important: You’ll likely be prompted for your passphrase during this process.
kleopatra --export <your_key_id> <filepath>.asc - Open KeePassXC and Select Your Database: Launch KeePassXC and open the database where you want to store your backup key. Ensure it’s unlocked.
- Create a New Entry: Create a new entry in KeePassXC specifically for your GPG private key backup. Give it a descriptive title like “GPG Private Key Backup”.
- Attach the Key File: In the newly created entry, click on the Attachments tab.
- Click the Add button (looks like a paperclip).
- Browse to the location where you saved your exported GPG private key (.asc file) and select it.
- KeePassXC will now store the key file as an attachment within this entry.
- Verify the Attachment: Double-check that the attachment is present and accessible within the KeePassXC entry.
- Secure Your Database: Ensure your KeePassXC database is protected with a strong master password and, ideally, two-factor authentication. This is crucial as it’s now safeguarding your GPG private key backup.
- Consider Multiple Backups: For extra security, consider creating multiple backups of your KeePassXC database in different locations (e.g., external drive, cloud storage). Remember to encrypt these backups if storing them on less secure media.
Important Considerations
- Key Passphrase: This method *does not* store your GPG key passphrase within KeePassXC. You will still need to remember and enter it when using the key.
- Database Security: The security of your GPG private key is directly tied to the security of your KeePassXC database. Protect it diligently!
- Regular Updates: Keep both KeePassXC and Gpg4win (or your chosen GPG tool) updated to benefit from the latest security patches.