Question about FAQ section 7.1

David Shaw dshaw at
Sat Sep 25 01:02:51 CEST 2004

On Fri, Sep 24, 2004 at 11:24:17PM +0100, Neil Williams wrote:
> On Friday 24 September 2004 10:41 pm, David Shaw wrote:
> > I have backups of my secret key off of my HD, burned onto a CD and
> > stored in a secure place.  Don't forget one of the best backup
> > methods: export the secret key packet with ASCII armor and print it
> > out.  Paper generally is the safest thing out there in terms of media
> > decay.  If all else fails, I can re-type the thing in.
> Ouch!
> > David
> (Which kind of legislates against large key sizes!!)
> I keep print outs of revocation certificates because they are truly
> short - 3 or 4 lines. My secret key is more like 50 lines. I would
> have to be truly desperate to type, check and re-check all those
> characters. I'm generally a good typist, but I wouldn't like to try
> that little exercise! I think I'd find it easier to recreate the
> more important signatures on a new key.

Not the whole secret key.  Just the secret key packet itself.

The logic is that I don't need to do anything special to back up my
public key and signatures since if all else fails I can just get it
from any of a number of keyservers.  The self-sigs are on the public
key as well.

My secret key is backed up in the usual way (CD-R).  The paper copy is
a "if all else fails" backup, and it's not large at all: The only
truly secret part of the secret key is the key data itself, and the
common 1024-bit DSA key is only 11 lines long.  I'd rather type in 11
lines than make a new key.  It's not something I want to do regularly,
but if my CD-R backups fail for whatever reason, I can spend 30
minutes typing it back in again, and not lose access to my encrypted

People often see CD-Rs fail after 3-4 years... paper will last longer
than I will.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
Url : /pipermail/attachments/20040924/e29b8c7d/attachment.bin

More information about the Gnupg-users mailing list