Can I use my password manager?

1Password, Bitwarden, KeePassXC and most others support file attachments on secure notes. Attach the .asc, label clearly. Your normal password-manager backup strategy then protects the key backup.

How often should I refresh the backup?

After any of: passphrase change, key rotation, User ID changes, subkey changes, expiration extension. The backup is a snapshot. New changes after the snapshot won't be in it.

// guide / backup-pgp-private-key

How to back up your PGP private key.

Without a backup, losing or wiping your phone means losing the key permanently — and with it, the ability to decrypt anything ever encrypted to you. This is the most important operational step in OpenPGP and it takes five minutes.

~5 minutes Do this immediately after key generation

// at a glance

Open your key in PGPony
Export with secret-key material, ASCII armored
Save the .asc file
Move to durable off-device storage
Verify by importing on a second device

Prerequisites

A PGP secret key in PGPony
The passphrase / biometric that unlocks it
A target destination for the backup that is NOT the same device

// step 01

Open your key in PGPony.

Navigate to your key (the one marked as your private key) in PGPony\'s keyring. The key detail view shows fingerprint, key ID, algorithm, User IDs, and subkey structure.

// step 02

Export including the secret key, ASCII armored.

From the Keyring tab, tap your key to open its detail view. Scroll to find Export Private Key. PGPony walks you through a two-step confirmation (this is destructive secret material, so the warning is intentional) and re-authenticates with biometric before releasing the secret key from the iOS Keychain / Android Keystore.

The output is ASCII-armored — text-based, more portable than binary, and easier to verify by inspection. You can also export from Settings → Data → Export keyring backup if you want every key in your keyring in one file (useful for whole-device backups).

Double-check Confirm the export includes the secret key. Exporting just the public key produces a file fine for sharing but useless as a backup.

// step 03

Save the .asc file.

PGPony writes the export to your phone\'s file system. Pick a clear filename: pgpony-backup-FINGERPRINT-2026-05-28.asc or similar — date matters because key state evolves over time.

// step 04

Move to durable off-device storage.

The backup is useless if it dies with the device. Move it somewhere that survives device loss:

Password manager attachment. 1Password, Bitwarden, etc. allow file attachments on secure notes. Your normal password-manager backup protects the file.
Encrypted USB drive in a safe. Physical, durable, no network attack surface.
Encrypted backup volume / NAS. Roll the .asc into your existing encrypted backup strategy.
Paper backup. For long-term archive. Use a tool like paperkey to extract just the secret material and print as text plus QR.

Don\'t Don\'t leave the backup in unencrypted cloud sync, email drafts, screenshots, or anywhere your phone\'s loss would also lose. The whole point is durability through device loss.

// step 05

Verify by importing on a second device.

A backup you haven\'t tested is a backup you don\'t have. Import the .asc on a second device — an old phone, a friend\'s phone you trust briefly, or a computer with GnuPG — and confirm the fingerprint matches the original.

After successful verification, delete any intermediate transfer copies. The backup file in its final destination is the only one that should persist.

Verify it worked.

The .asc backup exists in your chosen durable storage.
The file imports cleanly into a second OpenPGP tool with matching fingerprint.
You\'ve set a reminder to refresh the backup after any future key changes.

Common questions.

Where should I store the backup?

Anywhere durable and off-device. Password manager attachment, encrypted USB in a safe, encrypted backup volume, paper printout. Not unencrypted cloud, email drafts, or anywhere your phone\'s loss would also lose.

Is paper backup viable?

Yes for the secret key. Tools like paperkey extract the irreducible secret material as printable text plus QR. Restore by scanning and re-importing. Destroy paper when superseded.

Password manager attachment?

1Password, Bitwarden, KeePassXC support file attachments. Attach the .asc to a secure note, label clearly. Common and reasonable choice.

Is the file itself encrypted?

It\'s the OpenPGP S2K-protected secret key block, protected by your passphrase. An attacker with the file still needs the passphrase. Passphrase strength matters; treat the file as sensitive.

How often to refresh the backup?

After passphrase change, key rotation, User ID change, subkey change, or expiration extension. The backup is a snapshot; new changes won\'t be in it.

Next steps.

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.

Download on the App Store

Get it on Google Play