Bitcoin Forum

Other => Off-topic => Topic started by: Ian Maxwell on May 05, 2011, 04:53:12 PM



Title: Private key backup and security
Post by: Ian Maxwell on May 05, 2011, 04:53:12 PM
People who use GPG: How do you back up your private key?

I'm using a passphrase-protected private key with what I consider to be a strong passphrase (quite long, no English words, no personal relevance, etc). Do I need to be protective of this key? My guess is that it's symmetrically encrypted using some derivative of my passphrase, so it should be unusable by anyone without my passphrase. If that's the case, I could post it on a billboard in Times Square and no one could do anything with it. But I keep hearing that I need to keep my secret key secret, so it's possible I'm missing something here. What is it?


Title: Re: Private key backup and security
Post by: jimbo77 on May 05, 2011, 05:14:24 PM
Symmetrical encryption means you use the same key for encryption/decryption. No messing around with public/private keys. As long as you keep the password you're good.


Title: Re: Private key backup and security
Post by: Ian Maxwell on May 05, 2011, 05:20:59 PM
Scroll up, actually read my post, and try again.


Title: Re: Private key backup and security
Post by: jimbo77 on May 05, 2011, 05:31:07 PM
lol oops AFAIK password is needed to unlock stuff even if they have your private key


Title: Re: Private key backup and security
Post by: ffe on May 05, 2011, 05:40:33 PM
Quote from: Ian Maxwell on May 05, 2011, 04:53:12 PM
> People who use GPG: How do you back up your private key?
>
> I'm using a passphrase-protected private key with what I consider to be a strong passphrase (quite long, no English words, no personal relevance, etc). Do I need to be protective of this key? My guess is that it's symmetrically encrypted using some derivative of my passphrase, so it should be unusable by anyone without my passphrase. If that's the case, I could post it on a billboard in Times Square and no one could do anything with it. But I keep hearing that I need to keep my secret key secret, so it's possible I'm missing something here. What is it?

Your secret key is secret and safe on a billboard if the passphrase and the encryption algorithm used are good.

To actually use the key you would have to move it to a safe place (your personal computer) to decrypt it. Hence you are keeping your secret key secret.


Title: Re: Private key backup and security
Post by: BitterTea on May 05, 2011, 06:05:33 PM
This is just AFAIK, so take it with a grain of salt...

GPG private keys are stored in the secret keyring (secring.gpg in %AppData%\GnuPG or ~/.gnupg), and are individually encrypted with a symmetric cipher, the key to which can be derived from your password. Without the password, the key is useless.

However, since it is a symmetric cipher, someone could try to break it through various means. I wouldn't leave even the encrypted key exposed to a potential attacker.


Title: Re: Private key backup and security
Post by: error on May 05, 2011, 07:08:56 PM
I have a copy on a LUKS-encrypted USB stick.


Title: Re: Private key backup and security
Post by: theymos on May 06, 2011, 04:36:18 AM
The default cipher for the private key is CAST5, which I'm not totally confident with. I changed mine to use AES.


Title: Re: Private key backup and security
Post by: bitcoinex on May 06, 2011, 05:30:02 AM
Quote from: Ian Maxwell on May 05, 2011, 04:53:12 PM
> People who use GPG: How do you back up your private key?
>
> I'm using a passphrase-protected private key with what I consider to be a strong passphrase (quite long, no English words, no personal relevance, etc). Do I need to be protective of this key? My guess is that it's symmetrically encrypted using some derivative of my passphrase, so it should be unusable by anyone without my passphrase. If that's the case, I could post it on a billboard in Times Square and no one could do anything with it. But I keep hearing that I need to keep my secret key secret, so it's possible I'm missing something here. What is it?

printed in DataMatrix

http://www.markpro.ru/information/code/codeimg/DataMatrix.jpg

Unlike QR code it supports true 8-bit mode and it is free


Title: Re: Private key backup and security
Post by: TehZomB on May 07, 2011, 03:40:00 AM
Very small truecrypted file that appears as a corrupt video file and contains my GPG secret keys, TS3 secret keys, and SSH secret keys. I also uploaded it to my VPS and a filehost for redundancy.


Title: Re: Private key backup and security
Post by: riX on June 29, 2011, 10:00:56 PM
Storing your keys safely is trivial as shown previously, just make sure not to decrypt them somewhere and not wipe that space thoroughly afterwards.

A bigger problem is how to store keys safely while you are healthy, but what if you get in a car accident and lose your memory or worse?

How do you store the keys so you and no one else will be able to use them even if you have forgotten the password?

And how to make sure the ones you want to have your coins (and other secret stuff) when you are no longer able to use a computer?

DataMatrix Tattoo on inner thigh? -maybe some coroner gets lucky.
Secret printed note with password at home? -maybe, what if the cause of your memory loss or death is a fire at home?
etc..


If someone has a good solution to this, I'd appreciate hearing it.


Title: Re: Private key backup and security
Post by: vlad1m1r on July 01, 2013, 07:29:27 PM
Sorry to reply to an old thread but this got my brain cells working as the question of how to ensure your private key is restored to you in the case of an accident/death is an excellent one.

Probably the safest thing to do is as the other posters recommend and back up your private key and place it in a Truecrypt container. (In fact I keep my whole GPG program GPG4USB in such a secure container). As such if you were to be killed the password could die with you and no one could access the private key as it would be secure in the container.

If you wanted to be assured you could recover the key yourself if you lost your memory, I would suggest the following:

- Upload your encrypted Truecrypt container to a secure cloud service e.g. SpiderOak. Then write three letters and give each one to three trusted friends who do not know each other. One can contain the location of the Truecrypt container and the password to retrieve it from the secure cloud. The second letter can contain details of how to open the Truecrypt container e.g. with a keyfile/password and the third can contain the password for your private key. None of the letters are any use on their own.

If you're feeling super paranoid I suppose you could use a service like TimeCave to send out three separate e-mails automatically every week unless you tell them otherwise but of course if your e-mail account were to be compromised then it would be possible to access your private key which is why I recommend lodging a letter with your lawyer to be given to your friends if it comes to that.

Of course what good decrypting messages from people you don't even remember would do you is another story altogether...!

Alternatively you could lodge a letter with a solicitor and use it in combination with speech recognition to encode your private key e.g. you could say, "Star-Spangled banner" was your pass phrase, information which by itself wouldn't be much use unless you could be forced to say it against your will. Of course this would make retrieval impossible if you were in prison as I doubt they'd let someone bring a laptop in!

As for making sure your coins go to the right people, you could do the same thing with a wallet backup of your Bitcoin software. Just be sure to encrypt the backup with a password first. BitcoinSpinner also allows you to back up your private key as a QR code which you could print out, store in a safe place allowing someone else to scan it in on their own cellphone so you could just include this in a letter and avoid the need for you to rely on the internet at all.