Backing up Private Keys

Ashley Holman dscvlt at gmail.com
Mon Apr 15 07:24:04 CEST 2013


Thanks very much for the answer.

I also have a followup question.  Is it acceptable practice to make a paper
backup of your private key by exporting it in ASCII-armored mode and
printing it onto some paper?  (with a passphrase applied of course).  This
would be to prevent against loss in the event of other media failing.  Has
anyone ever had to recover from a paper backup - and if so do you
painstakingly type it to your computer, or use some kind of OCR or perhaps
QR codes to encode it?

I was reading that the passphrase key derivation algorithm for GPG is
PBKDF2 and that perhaps it would be more vulnerable to a brute force attack
than another algorithm such as scrypt.  Would it be advisable to encrypt my
private key with scrypt or is it recommended to stick to PBKDF2?  What are
the strongest settings for --s2k-cipher-algo, --s2k-digest-algo,
and --s2k-count?

Basically I'm looking to have my private key really protected so that even
if it fell into the wrong hands it would be downright unfeasible to brute
force (yes I have a good passphrase - but looking to make the encryption as
strong as it can be).

Thanks


On Thu, Apr 11, 2013 at 6:13 PM, Peter Lebbing <peter at digitalbrains.com> wrote:

> > Does this mean that the public key is exported along with the private
> > key?
>
> Yes, indeed.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
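
The --s2k-count value asked about above is stored in the key as a single coded octet of OpenPGP's iterated and salted S2K (RFC 4880, section 3.7.1.3), so only 256 counts are representable and the largest is 65011712. The following Python sketch is an added example, not part of the original message and not GnuPG's own code; it shows that encoding and the key derivation it drives. The function names, passphrase and salt are constructed for illustration.

```python
import hashlib

def decode_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def encode_count(requested: int) -> int:
    """Smallest coded octet whose count is >= requested, capped at 255."""
    for coded in range(256):
        if decode_count(coded) >= requested:
            return coded
    return 255

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int, digest: str = "sha512") -> bytes:
    """Derive key_len octets with the iterated and salted S2K."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # The count is octets hashed, not rounds; data is always hashed at least once.
    count = max(decode_count(coded), len(data))
    full, rest = divmod(count, len(data))
    key, preload = b"", 0
    while len(key) < key_len:
        # Each extra hash context is preloaded with one more zero octet.
        h = hashlib.new(digest, b"\x00" * preload)
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    salt = bytes.fromhex("0102030405060708")
    for wanted in (65536, 1_000_000, 65_011_712, 10**9):
        coded = encode_count(wanted)
        print(f"requested {wanted:>10} -> octet {coded:3d} -> {decode_count(coded)} octets hashed")
    key = s2k_iterated_salted(b"constructed passphrase", salt, 255, 32)
    print("AES-256 key from the maximum count:", key.hex())
```

Because the count is octets hashed rather than rounds, the maximum setting costs one pass over about 65 MB of hash input per passphrase guess.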