Master keydrive exports keys to file

src/freedombone-keydrive

       rm -rf $USB_MOUNT
       exit 73025
   fi
+
+  # export the gpg key and backup key as text
+  # so that it may be imported at the beginning of new installs
+  USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
+  GPG_ID=$(gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+  GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
+
+  gpgerrstr=$'error'
+  gpgkey=$(gpg --armor --export $GPG_ID)
+  if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting public gpg key'
+      echo "$gpgkey"
+      exit 735282
+  fi
+  gpgprivkey=$(gpg --armor --export-secret-key $GPG_ID)
+  if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting private gpg key'
+      echo "$gpgprivkey"
+      gpgprivkey=
+      exit 629362
+  fi
+
+  backupgpgkey=$(gpg --armor --export $GPG_BACKUP_ID)
+  if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting public gpg key'
+      echo "$gpgkey"
+      exit 735282
+  fi
+  backupgpgprivkey=$(gpg --armor --export-secret-key $GPG_BACKUP_ID)
+  if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting private gpg key'
+      echo "$gpgprivkey"
+      gpgprivkey=
+      exit 629362
+  fi
+
+  echo "$gpgkey" > $USB_MOUNT/.mastergpgkey
+  echo "$gpgprivkey" >> $USB_MOUNT/.mastergpgkey
+  echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
+  echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
+
   cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+
   if [ -d /etc/letsencrypt ]; then
       cp -rf /etc/letsencrypt $USB_MOUNT
       echo $"LetsEncrypt keys copied to $USB_DRIVE"

src/freedombone-utils-keys

             cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
         fi
 
-        if [ -d $USB_MOUNT/.gnupg ]; then
-            if [ ! -d $HOME_DIR/.gnupg ]; then
-                mkdir $HOME_DIR/.gnupg
+        if [ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]; then
+            # Recovering keys from file rather than just copying the gnupg
+            # directory may help to avoid problems during upgrades/reinstalls
+            su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey" - $MY_USERNAME
+            su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey" - $MY_USERNAME
+            if [ -d /home/$MY_USERNAME/.gnupg ]; then
+                chmod 700 /home/$MY_USERNAME/.gnupg
+                chmod -R 600 /home/$MY_USERNAME/.gnupg/*
+                chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
             fi
-            echo $'Recovering GPG keys'
-            cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
-            GPG_LOADING="no"
             dialog --title $"Recover Encryption Keys" \
-                   --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
+                   --msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
         else
-            if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
-                mkdir $HOME_DIR/.gnupg_fragments
+            if [ -d $USB_MOUNT/.gnupg ]; then
+                if [ ! -d $HOME_DIR/.gnupg ]; then
+                    mkdir $HOME_DIR/.gnupg
+                fi
+                echo $'Recovering GPG keys'
+                cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
+                GPG_LOADING="no"
+                dialog --title $"Recover Encryption Keys" \
+                       --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
+            else
+                if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
+                    mkdir $HOME_DIR/.gnupg_fragments
+                fi
+                cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
             fi
-            cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
         fi
 
         if [[ $SSH_IMPORTED == "no" ]]; then