Backing up your PGP key by hand

Jonathan Cross jcross at gmail.com
Mon May 2 13:26:06 CEST 2022


Thank you for sharing this Francesco.

Yes, having a secure, durable offline backup is important.

Coming from the Bitcoin space, we've already explored many options in an
effort to allow users to easily back up private keys.

I have to say the effort involved in your method seems unrealistic for most
users:

> Considering a paperkey is less than 150 lines, that means it should take
> 50 sessions, or a little less than 2½ months to get it on paper. The whole
> effort costs 50×10m ≃ 8 hours of your time.

In Bitcoin, we can use the BIP39 standard to back up a nearly infinite number
of keys (trees of derived keys) with just 12 simple English words. It even
has a checksum! Only the first four letters of each word are even
necessary, as those are always distinct, making input very quick and easy.

GPG would benefit from something similar.

Only 1% of the 1% of users will put in the effort that you did, meaning
that most users are not properly backing up their PGP keys and/or are
trusting computer hardware/printers.

I see there are efforts like the paperkey word list:
https://github.com/vonshednob/paperkeywords

But ideally such a system should be standardized and built into gpg so that
users can be sure they will be able to restore keys.

One can actually use the most popular Bitcoin hardware wallet as a PGP
signing device. Since the device is backed up with a BIP39 "seed phrase",
you can effectively say that it's a way to back up GPG keys with 12 or 24
words:

https://support.ledger.com/hc/en-us/articles/115005200649-OpenPGP?docs=true

The fact that it has a screen and you can input the words directly into the
signing device means that you don't need an air-gapped computer as well.

That might be a good option for some people.

Jonathan