Backing up your PGP key by hand

Francesco Ariis fa-ml at ariis.it
Tue May 3 21:08:22 CEST 2022


Hello Jonathan,

On 2 May 2022 at 13:26, Jonathan Cross via Gnupg-users wrote:
> Thank you for sharing this Francesco.
> 
> Yes, having a secure, durable offline backup is important.
> 
> Coming from the Bitcoin space, we've already explored many options in an
> effort to allow users easily to back up private keys.
> 
> I have to say the effort involved in your method seems unrealistic for most
> users:
>
> [...]

    thanks for your feedback message!

As you probably expect, I agree with (almost) everything you say. My
experiment was to document something which — as far as I know — was not
documented until now (although probably done numerous times) and a way
to spur a discussion on the topic of “backing up keys when you cannot
trust or do not have access to some devices”.

The pain points are manifold: some might be mitigated (as Ingo Klöcker
suggested, ed25519 keys are shorter, progressively moving to them would
do a lot); some would need some reworking (or reimagining) of the tools
we use today to sign our documents and encrypt our archives (as much as
`paperkey` is convenient, a “native” solution will always be more
reliable, user-friendly, future-proof).

> But ideally such a system should be standardized and built into gpg so that
> users can be sure they will be able to restore keys.

This would be amazing and hopefully one day a standardised approach will
come to light for PGP too. Happy encrypting everyone
—F


