Question about FAQ section 7.1
David Shaw
dshaw at jabberwocky.com
Sat Sep 25 01:02:51 CEST 2004
On Fri, Sep 24, 2004 at 11:24:17PM +0100, Neil Williams wrote:
> On Friday 24 September 2004 10:41 pm, David Shaw wrote:
> > I have backups of my secret key off of my HD, burned onto a CD and
> > stored in a secure place. Don't forget one of the best backup
> > methods: export the secret key packet with ASCII armor and print it
> > out. Paper generally is the safest thing out there in terms of media
> > decay. If all else fails, I can re-type the thing in.
>
> Ouch!
>
> > David
>
> (Which kind of legislates against large key sizes!!)
>
> I keep print outs of revocation certificates because they are truly
> short - 3 or 4 lines. My secret key is more like 50 lines. I would
> have to be truly desperate to type, check and re-check all those
> characters. I'm generally a good typist, but I wouldn't like to try
> that little exercise! I think I'd find it easier to recreate the
> more important signatures on a new key.
Not the whole secret key. Just the secret key packet itself.
The logic is that I don't need to do anything special to back up my
public key and signatures since if all else fails I can just get it
from any of a number of keyservers. The self-sigs are on the public
key as well.
My secret key is backed up in the usual way (CD-R). The paper copy is
a "if all else fails" backup, and it's not large at all: The only
truly secret part of the secret key is the key data itself, and the
common 1024-bit DSA key is only 11 lines long. I'd rather type in 11
lines than make a new key. It's not something I want to do regularly,
but if my CD-R backups fail for whatever reason, I can spend 30
minutes typing it back in again, and not lose access to my encrypted
data.
People often see CD-Rs fail after 3-4 years... paper will last longer
than I will.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
Url : /pipermail/attachments/20040924/e29b8c7d/attachment.bin
More information about the Gnupg-users
mailing list