Ask HN: How do you backup your private keys?
Obviously storing keys on the cloud is the least secure option. I would like to know if it is best to print them out on paper? or generate QR codes?
looking forward to hearing some strategies and best practices.
10 comments
[ 532 ms ] story [ 962 ms ] threador print out on paper[1][2][3]/burn a DVD/write on floppy/etc but the encrypted version with very good passphrase. Don’t ever store private keys in plain text.
[1] http://www.jabberwocky.com/software/paperkey/
[2] http://ronja.twibright.com/optar/
[3] http://blog.liw.fi/posts/qr-backup/
I have a public dotfiles project on Github. In addition to my dotfiles it includes a symmetrically encrypted tarfile of a secrets folder that contains keys and other sensitive info.
To recover my keys I only need access to github, gpg and the password for the encrypted tarfile.
If you have a password store in the cloud, I recommend KeePass's keyfile feature. With a keyfile (again backed up, but never in the cloud), you can make sure that it takes more than just the master password to get in. If e.g. Dropbox ever gets compromised, and for some reason they can guess your password, keyfile will keep you safe.
I wrote a blog post a while ago about the same: ttp://srijanshetty.in/technical/safely-storing-gpg-keys/