Backups with gpg encryption
# As root gpg --gen-key gpg --export-secret-keys --armor root@host.example.com > root-privkey.asc # copy root-privkey.asc to a safe place non-online place # export the public key for encrypting and signing gpg --export --armor root@host.example.com > /tmp/root-pubkey.asc # import the key into the backup creator's key ring gpg --import /tmp/root-pubkey.asc gpg --edit-key root@host.example.com ## sign it ## trust it ultimately # modify the backup script to pipe through gpg gtar --totals --bzip2 --create --exclude=Favicons ..... | gpg --encrypt --recipient root@host.example.com > real.backup.filename.here.bz2.gpg