GnuPG (VS-)Desktop®: Moving Configuration Data and Keys to a New Computer

Introduction

This guide explains how to transfer your GnuPG data to a new computer, securely and completely, including all relevant configuration files.

Tip: Backups are platform-independent: a backup created on Windows can be restored on Linux, and vice versa.

GnuPG stores all security-related user data in a single location: the GnuPG home directory, which corresponds to the path defined by the GNUPGHOME environment variable. No matter whether you're using Windows or Linux, working solo or managing a larger organization, this directory must be transferred in full. The sections below walk you through which files to back up and how to perform the transfer on Windows and Linux.

We'll begin by showing you which files and folders need to be included in your backup. After that, you'll get practical step-by-step instructions for transferring your setup on Windows and Linux–including tips for common use cases and things to watch out for during migration.

Backing up Important Files

To fully transfer your GnuPG user data to a new computer, you need to back up your entire GnuPG home directory. This personal data folder contains:

  • private keys
  • public keys (OpenPGP certificates)
  • S/MIME certificates
  • trust database
  • configuration files

The exact location of this directory depends on your operating system:

  • on Windows: %APPDATA%\gnupg
  • on Linux: ~/.gnupg-vsd

Note: On Linux, GnuPG VS-Desktop® uses ~/.gnupg-vsd as its home directory by default. Keep in mind that most systems also have a second, separate GnuPG installation in ~/.gnupg. This is the system's own GnuPG installation, needed for tasks like package management, and you might use it yourself for encryption that is not VS-NfD related. When you create your backup, make sure you copy ~/.gnupg-vsd and not the system directory. If you are not sure, back up both. That never hurts.

If you have customized your Kleopatra settings, you should also back up the following configuration files. This is only necessary if they are still stored outside the GnuPG home directory in the version installed on your source system:

  • kleopatragroupsrc: Kleopatra groups (relevant for versions prior to 3.3.x)
  • kleopatrarc: user-specific Kleopatra settings (on Windows, relevant for versions prior to 3.4.0)

Note: As of GnuPG VS-Desktop® 3.3.x and 3.4.x, these files are included in the GnuPG home directory. You only need to back them up separately if you are migrating from an older version and have made significant changes to those files.

Overview: Important File Locations

Depending on the operating system, the location of relevant configuration files may vary. The following tables show where GnuPG and Kleopatra store their data by default, as of version 3.3.x.

Windows

Component Location Comment
GnuPG home %APPDATA%\gnupg includes keys, trustdb, user-specific configuration
kleopatragroupsrc %APPDATA%\gnupg\kleopatra for Kleopatra group feature
kleopatrarc 3.3.x: %LOCALAPPDATA%
3.4.x: %APPDATA%\GnuPG VS-Desktop or %APPDATA%\GnuPG Desktop		 user-specific Kleopatra settings

Note: Prior to version 3.3.x (obsolete), both kleopatragroupsrc and kleopatrarc were stored in %LOCALAPPDATA%. If you are migrating from a version older than 3.3.x, check that location as well.

Linux

Component Location Comment
GnuPG home ~/.gnupg-vsd for GnuPG VS-Desktop
kleopatragroupsrc ~/.gnupg-vsd/kleopatra for Kleopatra group feature, GnuPG VS-Desktop
kleopatrarc ~/.config or $XDG_CONFIG_HOME, if set (applies to all Kleopatra versions)

Note: Prior to version 3.3.x (obsolete), kleopatragroupsrc was stored in ~/.config (or $XDG_CONFIG_HOME if set) instead of ~/.gnupg-vsd/kleopatra. If you are migrating from an older version, check that location as well.

Backup and Restore on Windows

Install GnuPG (VS-)Desktop® on the new system either before or after copying the GnuPG home directory. Just make sure the target user account does not already have a GnuPG home—otherwise, configuration conflicts may occur.

Before transferring the data, fully exit Kleopatra. The safest option is to log out of the old system entirely. This ensures that no background processes are still accessing GnuPG files.

Example: Manual Backup

Copy the folder %APPDATA%\gnupg from the old system to the new one, completely and user-specific, meaning into the new user's %APPDATA%\gnupg directory.

Example (run as administrator in Command Prompt): 

xcopy /E /H /K /R /Y "%APPDATA%\gnupg" "E:\Backup\gnupg"

This command copies the entire gnupg directory to a removable drive (in this case E:), preserving:

  • all subdirectories, including empty ones (/E)
  • hidden files (/H)
  • file attributes (/K)
  • read-only files (/R)
  • overwrites without confirmation (/Y)

To restore the data on the new system, adjust the command accordingly: 

xcopy /E /H /K /R /Y "E:\Backup\gnupg" "%APPDATA%\gnupg"

Tip: The %APPDATA% folder is hidden by default in Windows. You can access it by entering %APPDATA% in the Explorer's address bar or by enabling the display of hidden files.

Notes for Larger Organizations

In environments with many users and a centralized backup strategy, a structured migration process is recommended:

  • Automate backup and restore tasks using scripts or software deployment tools.
  • Use structured target directories such as D:\Backup\<username>\gnupg to keep user profiles clearly separated.
  • Document the storage locations of additional configuration files like kleopatragroupsrc and kleopatrarc.

Always replace placeholders like <username> with the actual profile name. Example: 

xcopy /E /H /K /R /Y "%APPDATA%\gnupg" "D:\Backup\t.tester\gnupg"

Tip: For consistent and repeatable migrations, use a standardized backup strategy—ideally including logging, version tracking, and checksums.

Planned Unification

Future versions of GnuPG VS-Desktop® will consolidate all configuration files into the %APPDATA%\gnupg directory. This will simplify migration and backup procedures going forward.

VS-NfD: Special Considerations for Backups

The backup of the %APPDATA%\gnupg directory typically contains secret key material—unless you use smartcards. It must therefore be classified according to VS-NfD requirements and handled with appropriate security measures.

We recommend storing the backup on a portable, encrypted medium (e.g., USB stick) that is protected in accordance with the German VSA (Classified Information Directive).

Backup and Restore on Linux

You can also transfer an existing GnuPG setup on Linux to a new system. Make sure to copy all relevant files completely and within the correct user context.

Directories and Configuration Files

On Linux, GnuPG stores user data by default in the ~/.gnupg directory. If you use GnuPG VS-Desktop®, the application uses ~/.gnupg-vsd instead—especially in setups compliant with VS-NfD regulations. The reason: Many Linux systems already include a non-compliant version of GnuPG, so the standard directory may not be used by the AppImage.

Note: Make sure to back up the actual directory used on your system.

You should also back up the kleopatragroupsrc file from one of the following locations:

  • $XDG_CONFIG_HOME/kleopatragroupsrc or
  • ~/.config/kleopatragroupsrc

Copying the Directory to External Media

Use a command like the one below to copy your GnuPG directory to an external device: 

cp -a ~/.gnupg{,-vsd} /media/usb-stick/backup-gnupg/

The -a option preserves file permissions, timestamps, and symbolic links.

Alternative: Incremental Backup using rsync

For recurring or automated backups, rsync is a great choice. The following command copies only changed files and ensures proper access permissions: 

rsync -av --chmod=700 ~/.gnupg{,-vsd} /media/usb-stick/backup-gnupg/

You can also use rsync to transfer the directory to your new machine: 

rsync -av --chmod=700 ~/.gnupg{,-vsd} user@new-machine:~/

Note: When used for remote transfers, rsync defaults to =ssh=— so the connection is automatically encrypted.

Security Considerations

Private keys are especially sensitive. If you no longer plan to use the old system, you should securely delete all confidential data—especially the %APPDATA%\gnupg directory on Windows and ~/.gnupg (or ~/.gnupg-vsd for GnuPG VS-Desktop®) on Linux.

If you use GnuPG (VS-)Desktop® in the context of VS-NfD-compliant communication, the backup of the %APPDATA%\gnupg or ~/.gnupg-vsd directory must be handled according to the German Classified Information Directive (VSA). In particular, private keys (unless stored on a smartcard) must be saved to a secure storage medium and protected in accordance with the VSA guidelines.

Tip: When using smartcards, no private key material is stored on the system itself. However, you should still back up the %APPDATA%\gnupg or ~/.gnupg(-vsd) directory to preserve public keys (certificates) and configuration files.

Unless otherwise noted, these web pages are: Copyright 2025 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2026-06-05.