has anyone given any thought to what would be the difference between carefully and carelessly making hard-copy backups of secret keys?

i mean, it would be stupid to print a copy of one's secret key (with a weak passphrase) and leave it lying on a table next to a window. OTOH, a printed copy of a secret key (with a strong passphrase) would probably be "secure" in a 10 ton safe.

so how strong should a passphrase be when printing out a secret key in the first place? what are the pros/cons of hiding versus securing a hard-copy? what other factors should be considered?

bear in mind, these are philosophical questions with philosophical answers... i'm not looking for absolutes.

btw, if anyone prints out their secret key for backup, here's a few lines of shell code that will print a (non-cryptographic) checksum for each line. this way if you have to recover your key from hard-copy, it's *much* easier to find mistakes. an example of the output looks like this (indented):

  -----BEGIN PGP PUBLIC KEY BLOCK-----  3675205589 37
          3515105045 1
  mQILBECkOvYBEADJfImYQNznN0PJxkwcGysohePmujLVJTsA30WV9tXrb6+4L5ib        2185591463 65
  Ed9zHilbvXEgmrLJbG949H7yAwbNAaEjfnlqxBO31BmIJjUDmnXxe3FN98fuKIcq        3919870367 65
  bVn8aqPOvGGvsJaWDwLyFSG3UT60htHFuh0I0Nco7AB6WTXBrwV/9JDkiy7p0fK5        1339170163 65

the code works on bsd (zsh) but may have to be slightly modified for other operating systems or shells.

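# print each input line, a tab, then its cksum (CRC and byte count)
while IFS= read -r n
do
        # printf instead of echo -n "\t": echo only expands \t in some shells
        printf '%s\t' "${n}"
        printf '%s\n' "${n}" | cksum
done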


--
        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "I contend that we are both atheists. I just believe
         in one fewer god than you do. When you understand
         why you dismiss all the other possible gods, you
         will understand why I dismiss yours."
                -- Stephen Roberts



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
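
The recovery side of the checksum loop in the message above, as an added example that is not part of the original post: it checks a re-typed sheet line by line and prints the numbers of the lines whose text no longer matches its checksum. The function names (annotate, fields, verify_sheet) and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample lines are constructed.
TAB=$(printf '\t')

# annotate: "<line><TAB><crc> <bytes>" per stdin line, same layout as the
# loop in the post, using printf so every POSIX shell behaves the same.
annotate() {
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $(printf '%s\n' "$line" | cksum)
        printf '%s\t%s %s\n' "$line" "$1" "$2"
    done
}

# fields: reduce "  crc   bytes " to exactly "crc bytes" for comparison.
fields() { read -r a b rest; printf '%s %s' "$a" "$b"; }

# verify_sheet: read an annotated sheet on stdin, print the numbers of the
# lines whose text does not match its checksum; status 1 if any are found.
verify_sheet() {
    n=0 bad=''
    while IFS= read -r row || [ -n "$row" ]; do
        n=$((n + 1))
        case $row in
            *"$TAB"*) text=${row%%"$TAB"*} ;;
            *) bad="$bad $n"; continue ;;   # checksum column missing
        esac
        got=$(printf '%s\n' "$text" | cksum | fields)
        want=$(printf '%s\n' "${row#*"$TAB"}" | fields)
        [ "$got" = "$want" ] || bad="$bad $n"
    done
    printf '%s\n' "${bad# }"
    [ -z "$bad" ]
}

# Demo: annotate three constructed lines, then simulate a typing slip on
# line 3 (letter O entered as digit 0) and let verify_sheet locate it.
sheet=$(printf '%s\n' '-----BEGIN SAMPLE BLOCK-----' '' 'lQHYconstructedSAMPLEline0Oo1lI' | annotate)
retyped=$(printf '%s\n' "$sheet" | sed '3s/O/0/')
echo "lines to re-check: $(printf '%s\n' "$retyped" | verify_sheet || true)"
```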
