<div dir="auto">Does exporting your private key (which already comes encrypted and requires password authentication) to an encrypted USB flash drive then placed under lock and key not suffice as an offline backup?</div><div dir="auto"><br></div><div dir="auto">Aside: Private keys aren’t the only thing that should be getting backed up. Revocation certs are perhaps just as important, if not more. Private keys can be replaced all day long, but you can’t replace revocation certs once the private key is lost (requiring revocation).</div><div dir="auto"><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 3, 2022 at 12:17 Francesco Ariis &lt;<a href="mailto:fa-ml@ariis.it">fa-ml@ariis.it</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">Hello Jonathan,<br>
<br>
On 2 May 2022 at 13:26, Jonathan Cross via Gnupg-users wrote:<br>
> Thank you for sharing this Francesco.<br>
> <br>
> Yes, having a secure, durable offline backup is important.<br>
> <br>
> Coming from the Bitcoin space, we've already explored many options in an<br>
> effort to allow users easily to back up private keys.<br>
> <br>
> I have to say the effort involved in your method seems unrealistic for most<br>
> users:<br>
><br>
> [...]<br>
<br>
thanks for your feedback message!<br>
<br>
As you probably expect, I agree with (almost) everything you say. My<br>
experiment was to document something which — as far as I know — was not<br>
documented until now (although probably done numerous times) and a way<br>
to spur a discussion on the topic of “backing up keys when you cannot<br>
trust or do not have access to some devices”.<br>
<br>
The pain points are manifold: some might be mitigated (as Ingo Klöcker<br>
suggested, ed25519 keys are shorter, progressively moving to them would<br>
do a lot); some would need some reworking (or reimagining) of the tools<br>
we use today to sign our documents and encrypt our archives (as much as<br>
`paperkey` is convenient, a “native” solution will always be more<br>
reliable, user-friendly, future-proof).<br>
<br>
> But ideally such a system should be standardized and built into gpg so that<br>
> users can be sure they will be able to restore keys.<br>
<br>
This would be amazing and hopefully one day a standardised approach will<br>
come to light for PGP too. Happy encrypting everyone<br>
—F<br>
<br>
_______________________________________________<br>
Gnupg-users mailing list<br>
<a href="mailto:Gnupg-users@gnupg.org" target="_blank">Gnupg-users@gnupg.org</a><br>
<a href="https://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">https://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
</blockquote></div></div>