All, I'm new to GPG and am hoping to learn the ropes. Please forgive any ignorant questions.
(a) Are there any recommended methods by which to back up your private and public keys? I've seen some "paper" methods (paperkey) and some GitHub gists that have taken the private key, broken it into several pieces and used QR codes to back it up. Which is better? Does it matter?

(b) Is your public key embedded in your private key? If you're not actually uploading your private key to a keyserver (perhaps using the key to secure data/files instead of email, thus no need for a keyserver), is it sufficient to back up the private key only, or _must_ I back up both files?

(c) Isn't the private key itself encrypted via AES256 when secured with a passphrase? If so, assuming the passphrase is secure enough, isn't it sufficient to upload this file to Dropbox, etc. for safekeeping? I would appreciate both real-world and theoretical commentary on this point.

(d) As best I can tell, the --armor flag is used to dump the key to ASCII. The gpg documentation[1] seems to indicate that paperkey works better for backing up to paper. Is there some reason why? Can't we simply run --armor, print the output and then use OCR to pull the key back in, in case of emergency?

Thoughts, ideas and real-world experience on securely handling backups of your sensitive GPG data would be _greatly_ appreciated!

James

[1] https://www.gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
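Added illustration (editor's example code, not from the poster, from GnuPG or from paperkey) of what the --armor output in question (d) actually is. OpenPGP ASCII armor, per RFC 4880 section 6, is the binary key packets in Radix-64 (base64) with a trailing "=XXXX" line carrying a CRC-24 of the binary data. That checksum is what lets you tell whether a copy typed or OCR'd back from paper is intact before you try to import it. The block below implements the armor encoding, the CRC-24 from the RFC, and a decoder that rejects any block whose checksum does not match. The 64-character body lines match what gpg emits (the RFC allows up to 76); SAMPLE_KEY_BYTES is constructed filler, not real key material.

```python
from __future__ import annotations

import base64

# Constants from RFC 4880 section 6.1 (OpenPGP CRC-24).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

# Constructed stand-in for a binary secret-key export; not a real OpenPGP key.
SAMPLE_KEY_BYTES = bytes(range(256)) * 2


class ArmorError(ValueError):
    """Raised when an armored block is malformed or fails its CRC-24 check."""


def crc24(data: bytes) -> int:
    """CRC-24 over the binary packet data, as used in the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP PRIVATE KEY BLOCK", line_len: int = 64) -> str:
    """Wrap binary OpenPGP data: BEGIN line, blank line, Radix-64 body, '=CRC' line, END line."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + line_len] for i in range(0, len(body), line_len)]
    crc_line = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    parts = [f"-----BEGIN {block_type}-----", ""] + lines + [crc_line, f"-----END {block_type}-----"]
    return "\n".join(parts) + "\n"


def dearmor(text: str) -> tuple[str, bytes]:
    """Parse an armored block and return (block_type, data); raise ArmorError on any defect."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    try:
        start = next(i for i, ln in enumerate(lines)
                     if ln.startswith("-----BEGIN ") and ln.endswith("-----"))
    except StopIteration:
        raise ArmorError("no BEGIN line") from None
    block_type = lines[start][len("-----BEGIN "):-len("-----")]
    # Armor headers such as 'Version: ...' run until the first blank line.
    i = start + 1
    while i < len(lines) and lines[i] != "":
        i += 1
    i += 1
    body, crc_b64 = [], None
    while i < len(lines) and lines[i] != f"-----END {block_type}-----":
        if lines[i].startswith("="):      # body lines never start with '='; this is the CRC line
            crc_b64 = lines[i][1:]
        elif lines[i]:
            body.append(lines[i])
        i += 1
    if i >= len(lines):
        raise ArmorError("no matching END line")
    try:
        data = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:                # binascii.Error is a ValueError
        raise ArmorError(f"invalid Radix-64 body: {exc}") from None
    if crc_b64 is None:
        raise ArmorError("missing CRC-24 line")
    try:
        expected = int.from_bytes(base64.b64decode(crc_b64, validate=True), "big")
    except ValueError:
        raise ArmorError("invalid CRC-24 line") from None
    if expected != crc24(data):
        raise ArmorError("CRC-24 mismatch: transcription or OCR error in the armored text")
    return block_type, data


def is_intact(text: str) -> bool:
    """True if the armored text decodes and its CRC-24 matches the recovered data."""
    try:
        dearmor(text)
        return True
    except ArmorError:
        return False


if __name__ == "__main__":
    armored = armor(SAMPLE_KEY_BYTES)
    print(armored)
    print("intact:", is_intact(armored))
```

Usage note: run `is_intact()` over a block that has been OCR'd back from a printout before feeding it to `gpg --import`; a single mis-read character changes the decoded bytes and the CRC-24 line will no longer match. Note that the CRC only detects damage, it cannot repair it, so a printed armor block with no redundancy is only as recoverable as your OCR is accurate.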