TIL that after generating a GPG key pair, one should always back up the following:
- key pair itself:
    gpg -o private.gpg --export-options backup --export-secret-keys my-key
- revocation certificate:
    gpg --output revoke.asc --gen-revoke my-key
- key passphrase: should be stored separately from the above, ideally in a password manager
Always weigh your security requirements carefully when deciding on redundancy and on where the backups are stored (ideally on offline media).
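A restore drill for the backup made above, as an added example that is not part of the original note: it imports the exported file into a throwaway keyring and checks that the expected secret key comes back. The function names `secret_fprs` and `verify_backup` are made up for this example, and it assumes a GnuPG 2.x that supports the `restore` import option (the counterpart of `--export-options backup`).

```shell
#!/bin/sh
# Restore drill for a GnuPG secret-key backup (added example, not from the note).

# Print the primary-key fingerprint of every secret key in the current keyring
# (the one selected by GNUPGHOME, or ~/.gnupg when it is unset).
secret_fprs() {
    gpg --batch --with-colons --fingerprint --list-secret-keys 2>/dev/null |
        awk -F: '$1 == "sec" { primary = 1; next }
                 $1 == "fpr" && primary { print $10; primary = 0 }'
}

# verify_backup FILE FINGERPRINT   (hypothetical helper)
# Import FILE into a throwaway keyring and succeed only if it restores the
# secret key with exactly FINGERPRINT. The real keyring is never touched.
# Returns 0 on match, 1 on mismatch, 2 if the drill could not be set up.
verify_backup() {
    vb_file=$1
    vb_want=$2
    [ -r "$vb_file" ] || { echo "cannot read $vb_file" >&2; return 2; }
    vb_home=$(mktemp -d) || return 2        # mktemp -d creates it with mode 0700
    vb_got=$(
        GNUPGHOME=$vb_home
        export GNUPGHOME
        gpg --batch --quiet --import-options restore \
            --import "$vb_file" >/dev/null 2>&1
        secret_fprs
        # Stop the daemons gpg started for the scratch keyring.
        gpgconf --kill all >/dev/null 2>&1
    )
    rm -rf "$vb_home"
    if [ "$vb_got" = "$vb_want" ]; then
        echo "OK: backup restores secret key $vb_want"
    else
        echo "FAIL: expected $vb_want, restored '${vb_got:-nothing}'" >&2
        return 1
    fi
}
```

Run it against the copy on the backup medium, for example `verify_backup private.gpg <fingerprint>`, with the fingerprint taken from the original keyring. It confirms that the file imports and holds the right secret key; it does not exercise the passphrase.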
For more information, please check: