backing up keys

James jameszee13 at gmail.com
Tue Nov 17 13:39:53 CET 2015


All,

I'm new to GPG and am hoping to learn the ropes. Please forgive any
ignorant questions.

(a) are there any recommended methods by which to back up your private
and public keys? I've seen some "paper" methods (paperkey) and some
GitHub gists that have taken the private key, broken it in several
pieces and used QR codes to back up. Which is better? Does it matter?

(b) is your public key embedded in your private key? If you're not
actually uploading your private key to a keyserver (perhaps using the
key to secure data / files instead of email, thus no need for
keyserver), is it sufficient to back up the private key only, or
_must_ I back up both files?

(c) Isn't the private key itself encrypted via AES256 when secured
with a passphrase? If so, assuming the passphrase is secure enough,
isn't it sufficient to upload this file to Dropbox, etc. for safe
keeping? Would appreciate both real-world and theoretical commentary
on this point.

(d) as best I can tell, the --armor flag is used to dump the key to
ASCII. The gpg documentation[1] seems to indicate that paperkey works
better at backing up to paper. Is there some reason why? Can't we
simply run --armor, print the output and then use OCR to pull the key
back in, in case of emergency?

Thoughts, ideas and real-world experience on securely handling backups
of your sensitive GPG data would be _greatly_ appreciated!

James

1 https://www.gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html
