hard-copy backups
Patrick Plattes
patrick.plattes at gmx.de
Thu Jan 5 07:39:35 CET 2006
Atom Smasher wrote:
> has anyone given any thought to what would be the difference between
> carefully and carelessly making hard-copy backups of secret keys?
>
> i mean, it would be stupid to print a copy of one's secret key (with a
> weak passphrase) and leave it lying on a table next to a window. OTOH,
> a printed copy of a secret key (with a strong passphrase) would
> probably be "secure" in a 10 ton safe.
>
> so how strong should a passphrase be when printing out a secret key in
> the first place? what are the pros/cons of hiding versus securing a
> hard-copy? what other factors should be considered?
i think you are mixing up two different things. on the one hand you have
the problem of security of your data, e.g. no one should read your
mails, etc. on the other hand you have the problem of data recovery.
for security you are using a very well gnupg setup.
for data recovery you really need a copy of your keys. paper is one of
the most robust media to back up data (the egyptians know a more robust
medium, but the usual computer user is not able to use a hammer and a
chisel ;) ). i think you should take your paper (or flagstone), put them
into a sealed envelope. give it to your local bank. the german bsi has
written a book called it-grundschutzhandbuch; imho there is also an
english version available. maybe you want to read this.
> bear in mind, these are philosophical questions with philosophical
> answers... i'm not looking for absolutes.
>
> btw, if anyone prints out their secret key for backup, here's a few
> lines of shell code that will print a (non-cryptographic) checksum for
> each line. this way if you have to recover your key from hard-copy,
> it's *much* easier to find mistakes. an example of the output looks
> like this (indented):
>
> -----BEGIN PGP PUBLIC KEY BLOCK----- 3675205589 37
> 3515105045 1
> mQILBECkOvYBEADJfImYQNznN0PJxkwcGysohePmujLVJTsA30WV9tXrb6+4L5ib 2185591463 65
> Ed9zHilbvXEgmrLJbG949H7yAwbNAaEjfnlqxBO31BmIJjUDmnXxe3FN98fuKIcq 3919870367 65
> bVn8aqPOvGGvsJaWDwLyFSG3UT60htHFuh0I0Nco7AB6WTXBrwV/9JDkiy7p0fK5 1339170163 65
i know this little trick from the c64. there was a program called mse :)
have a nice day,
patrick
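
The per-line checksum idea from the quoted mail, as an added example: this is not the script Atom Smasher posted, which is not reproduced in this message. The function names are assumptions, and the "line CRC SIZE" layout follows the sample output quoted above.

```shell
#!/bin/sh
# Added example, not the script from the quoted mail. Function names are
# assumptions. The checksum is POSIX cksum (a CRC): it catches typing and
# OCR mistakes, it does not authenticate the key.

# sum_of LINE: CRC and byte count of LINE plus its newline, as "CRC SIZE".
sum_of() {
    printf '%s\n' "$1" | cksum | awk '{ print $1, $2 }'
}

# annotate FILE: print each line of FILE followed by its "CRC SIZE".
annotate() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s %s\n' "$line" "$(sum_of "$line")"
    done < "$1"
}

# verify FILE: FILE is the retyped hard copy in annotate's format. Prints
# the number of every line whose text no longer matches its checksum and
# returns non-zero if there is any such line.
verify() {
    n=0 bad=0
    while IFS= read -r rec || [ -n "$rec" ]; do
        n=$((n + 1))
        size=${rec##* }          # last field: byte count
        rest=${rec% *}
        crc=${rest##* }          # second-to-last field: CRC
        case $rest in
            *" "*) line=${rest% *} ;;   # everything before the CRC
            *)     line= ;;             # blank source line: only "CRC SIZE"
        esac
        if [ "$(sum_of "$line")" != "$crc $size" ]; then
            echo "$n"
            bad=1
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# strip_sums FILE: drop the two checksum fields again, giving back the
# armored text once verify reports no bad lines.
strip_sums() {
    sed 's/ \{0,1\}[0-9][0-9]* [0-9][0-9]*$//' "$1"
}
```

Print the output of `annotate` on the exported key; after retyping or scanning the page, run `verify` until it lists no lines, then feed the output of `strip_sums` to `gpg --import`.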