Backing up your PGP key by hand

Stuart Longland stuartl at longlandclan.id.au
Mon May 23 05:01:27 CEST 2022


On Tue, 03 May 2022 19:52:21 +0000 (UTC)
Matt Borja <me at mattborja.dev> wrote:

> Does exporting your private key (which already comes encrypted and requires
> password authentication) to encrypted USB flash drive then placed under
> lock and key not suffice as an offline backup?

If the USB flash drive does not fail, then yes, it would suffice.

NAND Flash memory (the sort used in USB flash drives), relies on a
static charge being placed on the gate of a MOSFET to "bias" the MOSFET
on or off.

In a perfect world, that gate is perfectly insulated and will not leak.

We don't live in such a world, there is a non-infinite resistance that
allows a leakage current, and the charge will eventually fade.  How
long will that take?  Who knows?

On the other hand, there are paper recordings that have lasted millennia.

Personally, I'm eyeing off the A3 pen-plotter that's at my feet right
now and wondering whether I could get it to "draw" a QR code or similar
2D barcode of a private key.  Sure, it's computer-driven, but it's old
enough to not have the storage capacity to "remember" an A3 image of
a private key.  Make such a program also emit G-code, and you could likely
use any el-cheapo 3D printer mechanism to cobble together such a plotter.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



More information about the Gnupg-users mailing list