GnuPG (VS-)Desktop®: Moving Data and Keys to a New Computer

Introduction

This guide explains how to transfer your GnuPG data to a new computer—securely, completely, and including all relevant configuration files.

Tip: Backups created on Windows can also be restored on Linux–and vice versa. GnuPG data is platform-independent.

Let's start with the most important part: GnuPG stores all security-related user data in a central location–the GnuPG home directory. No matter whether you're using Windows or Linux, working solo or managing a larger organization, this directory must be transferred in full.

Note: In this guide, the term GnuPG home refers to the personal data directory used by GnuPG to store keys, configuration files, and other user-specific information. It corresponds to the path defined by the GNUPGHOME environment variable.

We'll begin by showing you which files and folders need to be included in your backup. After that, you'll get practical step-by-step instructions for transferring your setup on Windows and Linux–including tips for common use cases and things to watch out for during migration.

Backing up Important Files

To fully transfer your GnuPG user data to a new computer, you need to back up your entire GnuPG home directory. This personal data folder contains:

  • private keys
  • public keys (OpenPGP certificates)
  • S/MIME certificates
  • trust database
  • configuration files

The exact location of this directory depends on your operating system:

  • on Windows: %APPDATA%\gnupg
  • on Linux: ~/.gnupg or ~/.gnupg-vsd

Note: On Linux systems using GnuPG VS-Desktop®, the default directory is ~/.gnupg-vsd. In some environments, for example, when using the command line or older setups, ~/.gnupg might still be in use. If in doubt, check both locations. To find the active GnuPG home directory, run gpgconf --list-dirs homedir.

You should also back up the following Kleopatra configuration files—but only if they are still located outside the GnuPG home directory on the source system:

  • kleopatragroupsrc: Kleopatra groups (relevant for versions prior to 3.3.0)
  • kleopatrarc: user-specific Kleopatra settings (on Windows, relevant for versions prior to 3.4.0)

Note: As of GnuPG VS-Desktop® 3.3.0 and 3.4.0, these files are included in the GnuPG home directory. You only need to back them up separately if you're migrating from an older version or if you've made significant changes to those files.

Overview: Important File Locations

Depending on the operating system and software version, the location of relevant configuration files may vary. The following table shows where GnuPG and Kleopatra store their data by default:

Component Platform up to version 3.2.x as of version 3.3.0 Comment
GnuPG home Windows %APPDATA%\gnupg %APPDATA%\gnupg includes keys, trustdb, configuration
GnuPG home Linux ~/.gnupg or ~/.gnupg-vsd ~/.gnupg or ~/.gnupg-vsd depends on VS-Desktop and usage context
kleopatrarc Windows %LOCALAPPDATA% %APPDATA% user-specific Kleopatra settings
kleopatragroupsrc Windows %LOCALAPPDATA% %APPDATA%\gnupg for Kleopatra group feature
kleopatragroupsrc Linux ~/.config ~/.config or $XDG_CONFIG_HOME, if set

Backup and Restore on Windows

Install GnuPG (VS-)Desktop® on the new system either before or after copying the GnuPG home directory. Just make sure the target user account does not already have a GnuPG home—otherwise, configuration conflicts may occur.

Before transferring the data, fully exit Kleopatra. The safest option is to log out of the old system entirely. This ensures that no background processes are still accessing GnuPG files.

Example: Manual Backup

Copy the folder %APPDATA%\gnupg from the old system to the new one, completely and user-specific, meaning into the new user's %APPDATA%\gnupg directory.

Example (run as administrator in Command Prompt): 

xcopy /E /H /K /R /Y "%APPDATA%\gnupg" "E:\Backup\gnupg"

This command copies the entire gnupg directory to a removable drive (in this case E:), preserving:

  • all subdirectories, including empty ones (/E)
  • hidden files (/H)
  • file attributes (/K)
  • read-only files (/R)
  • overwrites without confirmation (/Y)

To restore the data on the new system, adjust the command accordingly: 

xcopy /E /H /K /R /Y "E:\Backup\gnupg" "%APPDATA%\gnupg"

Tip: The %APPDATA% folder is hidden by default in Windows. You can access it by entering %APPDATA% in the Explorer's address bar or by enabling the display of hidden files.

Notes for Larger Organizations

In environments with many users and a centralized backup strategy, a structured migration process is recommended:

  • Automate backup and restore tasks using scripts or software deployment tools.
  • Use structured target directories such as D:\Backup\<username>\gnupg to keep user profiles clearly separated.
  • Document the storage locations of additional configuration files like kleopatragroupsrc and kleopatrarc.

Always replace placeholders like <username> with the actual profile name. Example: 

xcopy /E /H /K /R /Y "%APPDATA%\gnupg" "D:\Backup\t.tester\gnupg"

Tip: For consistent and repeatable migrations, use a standardized backup strategy—ideally including logging, version tracking, and checksums.

Planned Unification

Future versions of GnuPG VS-Desktop® will consolidate all configuration files into the %APPDATA%\gnupg directory. This will simplify migration and backup procedures going forward.

VS-NfD: Special Considerations for Backups

The backup of the %APPDATA%\gnupg directory typically contains secret key material—unless you use smartcards. It must therefore be classified according to VS-NfD requirements and handled with appropriate security measures.

We recommend storing the backup on a portable, encrypted medium (e.g., USB stick) that is protected in accordance with the German VSA (Classified Information Directive).

Backup and Restore on Linux

You can also transfer an existing GnuPG setup on Linux to a new system. Make sure to copy all relevant files completely and within the correct user context.

Directories and Configuration Files

On Linux, GnuPG stores user data by default in the ~/.gnupg directory. If you use GnuPG VS-Desktop®, the application uses ~/.gnupg-vsd instead—especially in setups compliant with VS-NfD regulations. The reason: Many Linux systems already include a non-compliant version of GnuPG, so the standard directory may not be used by the AppImage.

Note: Make sure to back up the actual directory used on your system.

You should also back up the kleopatragroupsrc file from one of the following locations:

  • $XDG_CONFIG_HOME/kleopatragroupsrc or
  • ~/.config/kleopatragroupsrc

Copying the Directory to External Media

Use a command like the one below to copy your GnuPG directory to an external device: 

cp -a ~/.gnupg{,-vsd} /media/usb-stick/backup-gnupg/

The -a option preserves file permissions, timestamps, and symbolic links.

Alternative: Incremental Backup using rsync

For recurring or automated backups, rsync is a great choice. The following command copies only changed files and ensures proper access permissions: 

rsync -av --chmod=700 ~/.gnupg{,-vsd} /media/usb-stick/backup-gnupg/

You can also use rsync to transfer the directory to your new machine: 

rsync -av --chmod=700 ~/.gnupg{,-vsd} user@new-machine:~/

Note: When used for remote transfers, rsync defaults to =ssh=— so the connection is automatically encrypted.

Security Considerations

Private keys are especially sensitive. If you no longer plan to use the old system, you should securely delete all confidential data—especially the %APPDATA%\gnupg directory on Windows and ~/.gnupg (or ~/.gnupg-vsd for GnuPG VS-Desktop®) on Linux.

If you use GnuPG (VS-)Desktop® in the context of VS-NfD-compliant communication, the backup of the %APPDATA%\gnupg or ~/.gnupg-vsd directory must be handled according to the German Classified Information Directive (VSA). In particular, private keys (unless stored on a smartcard) must be saved to a secure storage medium and protected in accordance with the VSA guidelines.

Tip: When using smartcards, no private key material is stored on the system itself. However, you should still back up the %APPDATA%\gnupg or ~/.gnupg(-vsd) directory to preserve public keys (certificates) and configuration files.

Unless otherwise noted, these web pages are: Copyright 2025 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2025-07-29.