backing up keys

Tue Nov 17 17:00:20 CET 2015

> I'm new to GPG and am hoping to learn the ropes. Please forgive any
> ignorant questions.

Honest questions get honest and accurate answers.  Can't beat that for
customer service, can you?  :)

> (a) are there any recommended methods by which to back up your private
> and public keys?

Not really, although a fair number of people have written scripts and
tools to help automate the process.  If you were to ask (and tell people
what operating system you're running), you might get some responses.

> (b) is your public key embedded in your private key?

Yes.

> _must_ I back up both files?

You don't technically need to back up your public key, but it's a good
idea to back up your public keyring.  As you communicate more you'll
discover some of your correspondents don't have publicly-available keys
and they want to keep it that way.  If you lose their public key you'll
have to go back to acquiring their public key however you first got it,
which may be anywhere between an annoyance to an impossibility.

> (c) Isn't the private key itself encrypted via AES256 when secured
> with a passphrase? If so, assuming the passphrase is secure enough,
> isn't it sufficient to upload this file to Dropbox, etc. for safe
> keeping? Would appreciate both real-world and theoretical commentary
> on this point.

It depends.  If the bad guys get your encrypted private key they only
need one additional piece of data -- your passphrase -- to
catastrophically wreck your security posture.  If you're completely
confident the bad guys will never get your passphrase, then sure, post
your private key in the _New York Times_.

But maybe you shouldn't be completely confident.  Never underestimate
how foolish you can be when you've had a few glasses of wine and are
chatting up a pretty member-of-the-appropriate-sex.  :)

> (d) as best I can tell, the --armor flag is used to dump the key to
> ASCII. The gpg documentation[1] seems to indicate that paperkey works
> better at backing up to paper. Is there some reason why? Can't we
> simply run --armor, print the output and then use OCR to pull the key
> back in in case of emergency?

paperkey saves you a lot of paper by stripping out everything from the
key except what's absolutely necessary.  This also has the effect of
making the backup more reliable.  If you were to print out a full dump
of my entire private key, for instance, it would be hundreds of pages
long -- there are a couple of JPEG images attached to it.  An error on
page #67 could have catastrophic consequences for restoring from backup.

With paperkey, it gets reduced down to one single page of 8x11 paper.
It's easier to store, easier to handle, and easier to restore from backup.