Backing up Private Keys
Robert J. Hansen
rjh at sixdemonbag.org
Mon Apr 15 23:07:54 CEST 2013
On 4/15/2013 1:24 AM, Ashley Holman wrote:
> I also have a followup question. Is it acceptable practice to make a
> paper backup of your private key by exporting it in ascii armored mode
> and printing it onto some paper? (with a passphrase applied of course).
Let me apologize in advance for being pedantic. I understand the
question that I think you meant to ask, but that's not quite the same as
the question you asked. :)
Whether it is acceptable practice depends largely on your local security
policy. I can imagine some installations would disallow this, on the
grounds that backups are the sole responsibility of system
Whether it is sensible practice, though, is a different question
altogether. Without commenting on whether it's acceptable for your
particular situation, I can say pretty confidently that a paper hardcopy
of your private certificate is sensible.
Print it out in a monospace font with the largest point size you can
without causing the lines to wrap. (If you're wondering why, OCR works
best with monospace fonts, and the larger the better.)
> Has anyone ever had to recover from a paper backup - and if so
> do you painstakingly type it to your computer, or use some kind of OCR
> or perhaps QR codes to encode it?
Although I haven't had to recover from a paper backup, I have tested it
a few times using OCR software. Works fine. David Shaw also wrote a
tool called 'paperkey' which yanks the unnecessary bits from a private
certificate, leaving behind a much smaller thing more suitable for
printing. It might be worth looking into.
More information about the Gnupg-users