Bitcoin Forum
December 04, 2016, 08:33:22 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Private key backup and security  (Read 4844 times)
Ian Maxwell
Full Member
***
Offline Offline

Activity: 140



View Profile WWW
May 05, 2011, 04:53:12 PM
 #1

People who use GPG: How do you back up your private key?

I'm using a passphrase-protected private key with what I consider to be a strong passphrase (quite long, no English words, no personal relevance, etc). Do I need to be protective of this key? My guess is that it's symmetrically encrypted using some derivative of my passphrase, so it should be unusable by anyone without my passphrase. If that's the case, I could post it on a billboard in Times Square and no one could do anything with it. But I keep hearing that I need to keep my secret key secret, so it's possible I'm missing something here. What is it?

Ian Maxwell
PGP key | WoT rating
1480883602
Hero Member
*
Offline Offline

Posts: 1480883602

View Profile Personal Message (Offline)

Ignore
1480883602
Reply with quote  #2

1480883602
Report to moderator
1480883602
Hero Member
*
Offline Offline

Posts: 1480883602

View Profile Personal Message (Offline)

Ignore
1480883602
Reply with quote  #2

1480883602
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480883602
Hero Member
*
Offline Offline

Posts: 1480883602

View Profile Personal Message (Offline)

Ignore
1480883602
Reply with quote  #2

1480883602
Report to moderator
1480883602
Hero Member
*
Offline Offline

Posts: 1480883602

View Profile Personal Message (Offline)

Ignore
1480883602
Reply with quote  #2

1480883602
Report to moderator
jimbo77
Member
**
Offline Offline

Activity: 78


View Profile
May 05, 2011, 05:14:24 PM
 #2

symmetrical encryption means you use the same key for encryption/decryption. No messing around with public/private keys. As long as you keep the password your good
Ian Maxwell
Full Member
***
Offline Offline

Activity: 140



View Profile WWW
May 05, 2011, 05:20:59 PM
 #3

Scroll up, actually read my post, and try again.

Ian Maxwell
PGP key | WoT rating
jimbo77
Member
**
Offline Offline

Activity: 78


View Profile
May 05, 2011, 05:31:07 PM
 #4

lol oops AFAIK password is needed to unlock stuff even if they have your private key
ffe
Sr. Member
****
Offline Offline

Activity: 297



View Profile
May 05, 2011, 05:40:33 PM
 #5

People who use GPG: How do you back up your private key?

I'm using a passphrase-protected private key with what I consider to be a strong passphrase (quite long, no English words, no personal relevance, etc). Do I need to be protective of this key? My guess is that it's symmetrically encrypted using some derivative of my passphrase, so it should be unusable by anyone without my passphrase. If that's the case, I could post it on a billboard in Times Square and no one could do anything with it. But I keep hearing that I need to keep my secret key secret, so it's possible I'm missing something here. What is it?

Your secret key is secret and safe on a billboard if the passphrase and the encryption algorithm used is good. 

To actually use the key you would have to move it to a safe place (your personal computer) to decrypt it. Hence you are keeping your secret key secret.
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
May 05, 2011, 06:05:33 PM
 #6

This is just AFAIK, so take it with a grain of salt...

GPG private keys are stored in the secret keyring (secring.gpg in %AppData%\GnuPG or ~/.gnupg), and are individually encrypted with a symmetric cypher, the key to which can be derived from your password. Without the password, the key is useless.

However, since it is a symmetric cipher, someone could try to break it through various means. I wouldn't leave even the encrypted key exposed to a potential attacker.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
May 05, 2011, 07:08:56 PM
 #7

I have a copy on a LUKS-encrypted USB stick.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2492


View Profile
May 06, 2011, 04:36:18 AM
 #8

The default cipher for the private key is CAST5, which I'm not totally confident with. I changed mine to use AES.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
bitcoinex
Sr. Member
****
Offline Offline

Activity: 350


probiwon.com


View Profile WWW
May 06, 2011, 05:30:02 AM
 #9

People who use GPG: How do you back up your private key?

I'm using a passphrase-protected private key with what I consider to be a strong passphrase (quite long, no English words, no personal relevance, etc). Do I need to be protective of this key? My guess is that it's symmetrically encrypted using some derivative of my passphrase, so it should be unusable by anyone without my passphrase. If that's the case, I could post it on a billboard in Times Square and no one could do anything with it. But I keep hearing that I need to keep my secret key secret, so it's possible I'm missing something here. What is it?

printed in DataMatrix



Unlike QR code it supports true 8-bit mode and it is free

New bitcoin lottery: probiwon.com
- Может, ты ещё и в Невидимую Руку Рынка веруешь? - Зачем же веровать в то, что можно наблюдать непосредственно?
TehZomB
Sr. Member
****
Offline Offline

Activity: 294


WTB NHL Expansion team in Baltimore


View Profile WWW
May 07, 2011, 03:40:00 AM
 #10

Very small truecrypted file that appears as a corrupt video file and contains my GPG secret keys, TS3 secret keys, and SSH secret keys. I also uploaded it to my VPS and a filehost for redundancy.

riX
Sr. Member
****
Offline Offline

Activity: 327



View Profile
June 29, 2011, 10:00:56 PM
 #11

Storing you keys safely are trivial as shown previously, just make sure not to decrypt them somewhere and not wipe that space thoroughly afterwards.

A bigger problem is how to store keys safely while you are healthy, but what if you get in a car accident and loose your memory or worse?

How do you store the keys so you and no one else will be able to use them even if you have forgotten the password?

And how to make sure the ones you want to have your coins (and other secret stuff) when you are not longer able to use a computer?

DataMatrix Tattoo on inner thigh? -maybe some coroner gets lucky.
Secret printed note with password at home? -maybe, what if the cause of your memory loss or death is a fire at home?
etc..


If someone has a good solution to this, I'd appreciate to hear it.

vlad1m1r
Newbie
*
Offline Offline

Activity: 12


View Profile
July 01, 2013, 07:29:27 PM
 #12

Sorry to reply to an old thread but this got my braincells working as the question of how to ensure your private key is restored to you in the case of an accident/death is an excellent one.

Probably the safest thing to do is as the other posters recommend and back up your private key and place it in a Truecrypt container. (In fact I keep my whole GPG program GPG4USB in such a secure container). As such if you were to be killed the password could die with you and no one could access the private key as it would be secure in the container.

If you wanted to be assured you could recover the key yourself if you lost your memory, I would suggest the following:

- Upload your encrypted Truecrypt container to a secure cloud service e.g SpiderOak. Then write three letters and give each one to three trusted friends who do not know each other. One can contain the location of the Truecrypt container and the password to retrieve it from the secure cloud. The second letter can contain details of how to open the Truecrypt container e.g with a keyfile/password and the third can contain the password for your private key. None of the letters are any use on their own.

If you're feeling super paranoid I suppose you could use a service like TimeCave to send out three separate e-mails automatically every week unless you tell them otherwise but of course if your e-mail account were to be compromised then it would be possible to access your private key which is why I recommend lodging a letter with your lawyer to be given to your friends if it comes to that.

Of course what good decrypting messages from people you don't even remember would do you is another story altogether...!

Alternatively you could lodge a letter with a Solicitor and use it in combination with speech recognition to encode your private key e.g You could say, "Star-Spangled banner" was your pass phrase, information which by itself wouldn't be much use unless you could be forced to say it against your will. Of course this would make retrieval impossible if you were in Prison as I doubt they'd let someone bring a laptop in!

As for making sure your coins go to the right people, you could do the same thing with a wallet backup of your Bitcoin software. Just be sure to encrypt the backup with a password first. BitcoinSpinner also allows you to backup your private key as a QR code which you could print out, store in a safe place allowing someone else to scan it in on their own cellphone so you could just include this in a letter and avoid the need for you to rely on the internet at all.



Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!