hard-copy backups

Atom Smasher atom at smasher.org
Thu Jan 5 06:21:00 CET 2006

has anyone given any thought to what would be the difference between 
carefully and carelessly making hard-copy backups of secret keys?

i mean, it would be stupid to print a copy of ones secret key (with a weak 
passphrase) and leave it lying on a table next to a window. OTOH, a 
printed copy of a secret key (with a strong passphrase) would probably be 
"secure" in a 10 ton safe.

so how strong should a passphrase be when printing out a secret key in the 
first place? what are the pros/cons of hiding versus securing a hard-copy? 
what other factors should be considered?

bear in mind, these are philosophical questions with philosophical 
answers... i'm not looking for absolutes.

btw, if anyone prints out their secret key for backup, here's a few lines 
of shell code that will print a (non-cryptographic) checksum for each 
line. this way if you have to recover your key from hard-copy, it's *much* 
easier to find mistakes. an example of the output looks like this 

   -----BEGIN PGP PUBLIC KEY BLOCK-----	3675205589 37
   	3515105045 1
   mQILBECkOvYBEADJfImYQNznN0PJxkwcGysohePmujLVJTsA30WV9tXrb6+4L5ib	2185591463 65
   Ed9zHilbvXEgmrLJbG949H7yAwbNAaEjfnlqxBO31BmIJjUDmnXxe3FN98fuKIcq	3919870367 65
   bVn8aqPOvGGvsJaWDwLyFSG3UT60htHFuh0I0Nco7AB6WTXBrwV/9JDkiy7p0fK5	1339170163 65

the code works on bsd (zsh) but may have to be slightly modified for other 
operating systems or shells.

while read n
         echo -n "${n}\t"
         echo "${n}" | cksum


  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"I contend that we are both atheists. I just believe
 	 in one fewer god than you do. When you understand
 	 why you dismiss all the other possible gods, you
 	 will understand why I dismiss yours."
 		-- Stephen Roberts

More information about the Gnupg-users mailing list