Recipe 7.17 Backing Up a Private Key

7.17.1 Problem

You want to protect against losing your private key or forgetting your passphrase. (And thereby losing the ability to decrypt your files.)

7.17.2 Solution

Store your key pair in an offline, physically secure location, together with a throwaway passphrase. First change the passphrase temporarily to something you do not use for any other purpose. This will be your "throwaway" passphrase.

$ gpg --edit mykey_id ...
Command> passwd 
 ...follow the prompts...

Then make a copy of your key pair that uses this throwaway passphrase, storing it in the file mykey.asc:

$ gpg -a -o mykey.asc --export mykey_id
$ gpg -a --export-secret-keys mykey_id >> mykey.asc

Finally, restore the original passphrase to your key on your keyring:

$ gpg --edit mykey_id ...
Command> passwd 
 ...follow the prompts...

You now have a file called mykey.asc that contains your key pair, in which the private key is protected by the throwaway passphrase, not your real passphrase. Now, store this file in a safe place, such as a safety deposit box in a bank. Together with the key, store the passphrase, either on disk or on paper.

To guard against media deterioration or obsolescence, you can even print mykey.asc on acid-free paper and store the printout with the media. Or maybe have the key laser-engraved on a gold plate? Whatever makes you feel comfortable.

7.17.3 Discussion

Imagine what would happen if you forgot your passphrase or lost your secret key. All your important encrypted files would become useless junk. Even if you are sure you could never forget your passphrase, what if you become injured and suffer amnesia? Or what about when you die? Could your family and business associates ever decrypt your files, or are they lost forever? This isn't just morbid, it's realistic: your encrypted data may outlive you. So plan ahead.

If gpg could output your secret key to a file unencrypted, we would do so, but it has no such option. You could get the same effect by temporarily changing to a null passphrase and then doing the export, but that's dangerous and awkward to describe, so we recommend a throwaway passphrase instead.

Storing your plaintext key anywhere is, of course, a tradeoff. If your passphrase exists only inside your head, then your encrypted data are more secure?but not necessarily "safer" in the general sense. If losing access to your encrypted data is more worrisome than someone breaking into your safety deposit box to steal your key, then use this procedure.

Other cryptographic techniques can address these issues, such as secret-sharing, or simply encrypting documents with multiple keys, but they require extra software support and effort. A secure, plaintext, backup copy of your private key ensures that your data will not be irretrievably lost in these situations. You can, of course, create multiple keys for use with different kinds of data, some keys backed up in this way and others not.

While you're visiting your safety deposit box, drop off a copy of your global password list as well. [Recipe 6.15] Your heirs may need it someday.

7.17.4 See Also


    Chapter 9. Testing and Monitoring