Learn · 7 min read · 2026-04-26
Backing up PGP keys safely
Lose your private key and your encrypted history is unrecoverable. Steal a careless backup and your encrypted history is exposed. Here is how to back up without compromising either side.
A PGP private key cannot be regenerated. There is no "forgot password" link. If your laptop dies and you have no backup, every message ever encrypted to that key is unreadable forever. So you back up. But a private key sitting on a cloud drive is one breach away from ruining you. Backup hygiene is its own discipline.
The threat model
Two failure modes pull in opposite directions. (1) You lose the key — disk failure, lost laptop, accidental deletion. Backup mitigates this. (2) An attacker finds your backup — bad cloud password, stolen device, careless email attachment. Backup creates this risk. Good practice satisfies both: enough copies that loss is unlikely, but each copy is hardened against compromise.
Strategy 1 — Encrypted offline media
Export the private key as an armored .asc file and copy it onto an encrypted USB stick or SD card. Use a strong, unique passphrase on the disk encryption (VeraCrypt or the OS native encryption), on top of the passphrase that already protects the key itself; the two layers fail independently, so an attacker has to get through both. Store the stick somewhere physical that requires effort to reach — a home safe, a safety deposit box, a trusted relative's house. Flash cells fade when left unpowered for years, so this is not a set-and-forget medium: it needs the periodic restore test from the checklist below.
Make at least two copies in two different physical locations. A single copy plus a fire is no better than no copy at all.
Strategy 2 — Paper backup
Print the armored .asc to paper. Store it in a fire-resistant safe, or laminate it and seal it in a tamper-evident envelope. Paper does not rot, does not get hacked, and survives the death of every digital device you own. Tools like paperkey shrink the job: they strip the export down to the secret parts only (the public half can be re-fetched from a keyserver or from any signed mail you have sent) and print them as numbered, checksummed lines, so a typo on re-entry is localised to a single line instead of invalidating the whole page. paperkey itself produces text, not QR codes; if you would rather scan than retype, feed its output to a separate QR encoder. Reconstruction needs the matching public key, so keep a copy of that with the backup as well.
An exported secret key keeps its passphrase protection: the secret material in the .asc (and in paperkey's output) is encrypted under your key passphrase, so physical theft of the page yields a cracking job, not plaintext. That is only as strong as the passphrase. A key with no passphrase, or a weak one, is plaintext on paper, so treat the sheet as sensitive regardless, and never write the passphrase on the same sheet.
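The reason per-line checksums matter for paper is that re-entry is where paper backups fail: one mistyped hex digit in a 4 KB export is otherwise found only by a failed import. The following is an added illustration of that design, not paperkey's actual on-paper format and not code from this page: each printed line carries its own CRC-24 (the OpenPGP armor checksum from RFC 4880) over the line number and its bytes, plus a trailer over the whole blob, so the decoder can name the exact line that needs retyping. The line layout, the field labels and the sample bytes are assumptions for the demo.

```python
"""Paper-backup encoding with a per-line CRC-24.

Added illustration of the per-line-checksum idea; this is NOT paperkey's
on-paper format. The line layout, the field labels and the sample bytes
used in the usage section are assumptions for the demo.
"""

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 as used for OpenPGP armor checksums (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def paper_encode(blob: bytes, per_line: int = 16) -> str:
    """Render `blob` as numbered hex lines, each carrying its own CRC-24.

    The CRC covers the line number too, so a line typed into the wrong slot
    is caught as well as a mistyped hex digit. A trailer line carries the
    total length and a CRC over the whole blob to catch lost lines.
    """
    lines = []
    for idx, start in enumerate(range(0, len(blob), per_line), start=1):
        chunk = blob[start:start + per_line]
        crc = crc24(idx.to_bytes(2, "big") + chunk)
        lines.append(f"{idx:03d}: {chunk.hex()} {crc:06x}")
    lines.append(f"end: {len(blob)} {crc24(blob):06x}")
    return "\n".join(lines)


def paper_decode(text: str):
    """Parse the printed form back into bytes.

    Returns (blob, problems). `problems` is a list of messages naming the
    line that failed its checksum, so whoever is retyping the backup knows
    exactly where to look instead of re-entering everything.
    """
    problems = []
    chunks = {}
    expected_len = expected_crc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, _, rest = line.partition(":")
        fields = rest.split()
        if label == "end":
            if len(fields) != 2:
                problems.append("trailer line is malformed")
                continue
            expected_len, expected_crc = int(fields[0]), int(fields[1], 16)
            continue
        try:
            idx = int(label)
            hexdata, crc_text = fields          # wrong field count -> ValueError
            chunk = bytes.fromhex(hexdata)      # non-hex digit -> ValueError
            claimed = int(crc_text, 16)
        except ValueError:
            problems.append(f"line {label!r}: cannot parse")
            continue
        if crc24(idx.to_bytes(2, "big") + chunk) != claimed:
            problems.append(f"line {idx:03d}: checksum mismatch, retype it")
            continue
        if idx in chunks:
            problems.append(f"line {idx:03d}: entered twice")
        chunks[idx] = chunk
    if expected_len is None:
        problems.append("trailer line missing")
        return b"", problems
    for i in range(1, max(chunks, default=0) + 1):
        if i not in chunks:
            problems.append(f"line {i:03d}: missing")
    blob = b"".join(chunks[i] for i in sorted(chunks))
    if len(blob) != expected_len or crc24(blob) != expected_crc:
        problems.append("whole-blob checksum mismatch: a line is missing or wrong")
    return blob, problems


if __name__ == "__main__":
    # Constructed stand-in for exported key bytes; a real backup would use
    # the secret-key export.
    sample = bytes(range(40))
    printed = paper_encode(sample)
    print(printed)
    print(paper_decode(printed))
```

The trade-off is the same one paperkey makes: a little more ink per line buys a decoder that fails loudly and precisely. A printed sheet without any checksum fails silently at import time, weeks or years after the typo was made.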
Strategy 3 — Shamir split
For high-value keys, use the Split Key tool to break the key into N shares with K-of-N reconstruction. Distribute them to trusted parties or store them across geographically separated lockers. Any K-1 shares together reveal nothing about the key: every possible key is equally consistent with them, so an attacker who collects fewer than K has gained no information at all. Reconstruction requires bringing K shares together on one machine, which then holds the whole key and must be treated as trusted. This trades recovery friction for catastrophic-leak resistance. Split the passphrase-protected export rather than a bare key, and keep the passphrase out of the shares entirely, so even a full reconstruction by the share holders still needs something they do not have.
Useful for keys you rarely use — a corporate signing key, an inheritance plan, an organisational master key. Less useful for your day-to-day key.
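To make the "K-1 shares leak nothing" claim concrete, here is an added example of the principle behind a split-key backup: Shamir's scheme over GF(2^8), one random polynomial per secret byte, with `recover_secret` interpolating at x = 0. It is not this page's Split Key tool and the share format (an x coordinate plus one share byte per secret byte) is an assumption for the demo. The `forge_missing_share` function is the information-theoretic argument run as code: given K-1 real shares and any candidate secret you like, it constructs the missing share that would make that candidate the answer, which is exactly why K-1 shares cannot distinguish the real key from any other.

```python
"""K-of-N secret splitting with Shamir's scheme over GF(2^8).

Added illustration of the principle; NOT the page's Split Key tool. The
share encoding (x coordinate, one share byte per secret byte) and the
sample secret in the usage section are assumptions for the demo.
"""
import secrets

GF_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements (carry-less product reduced mod GF_POLY)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= GF_POLY
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1, since a^255 == 1 for a != 0."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def _eval_poly(coeffs, x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... over GF(2^8)."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc


def _interpolate(points, x: int) -> int:
    """Evaluate at x the unique polynomial of degree < len(points) through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = gf_mul(num, x ^ xj)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return total


def split_secret(secret: bytes, k: int, n: int):
    """Return n shares (x, share_bytes); any k of them recover `secret`."""
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    # One random polynomial per byte: s + c1*x + ... + c(k-1)*x^(k-1).
    # The secret byte is the constant term, so it is the value at x = 0.
    polys = [[s] + [secrets.randbelow(256) for _ in range(k - 1)] for s in secret]
    return [(x, bytes(_eval_poly(p, x) for p in polys)) for x in range(1, n + 1)]


def recover_secret(shares) -> bytes:
    """Lagrange-interpolate every byte position at x = 0. Needs >= k shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share x coordinate")
    length = len(shares[0][1])
    return bytes(_interpolate([(x, ys[i]) for x, ys in shares], 0) for i in range(length))


def forge_missing_share(partial_shares, x_new: int, candidate: bytes):
    """Given k-1 shares, build the share at x_new that makes `candidate` the
    recovered secret. Any candidate works, which is the proof that k-1 shares
    carry no information about the real one."""
    if x_new in [x for x, _ in partial_shares] or not 1 <= x_new <= 255:
        raise ValueError("x_new must be a fresh coordinate in 1..255")
    ys = bytes(
        _interpolate([(x, s[i]) for x, s in partial_shares] + [(0, candidate[i])], x_new)
        for i in range(len(candidate))
    )
    return (x_new, ys)


if __name__ == "__main__":
    # Constructed stand-in for key material; a real split would use the
    # passphrase-protected export.
    shares = split_secret(b"backup me", k=3, n=5)
    print(recover_secret(shares[:3]))                       # any 3 shares
    forged = forge_missing_share(shares[:2], 9, b"not it :)")
    print(recover_secret(shares[:2] + [forged]))            # 2 shares prove nothing
```

Two practical consequences fall out of the code. First, shares carry no integrity protection of their own, so a share holder who alters one byte silently produces the wrong key at reconstruction; in practice you checksum each share (or the reconstructed key) before trusting it. Second, every reconstruction puts the whole key on one machine, which is why the text reserves this strategy for keys you rarely touch.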
The revocation certificate
When you generate a key, also generate a revocation certificate and store it separately from the key. If the private key is ever compromised, or simply lost, publishing the revocation tells the world to stop encrypting to that key and to stop trusting signatures it makes from that point on. Without a pre-generated certificate you can only revoke while you still hold the private key and know its passphrase; the case you are preparing for is exactly the one where you have neither. Modern GnuPG writes one automatically into the openpgp-revocs.d directory under its home directory whenever you create a key, which is a hint about how important it is.
The Generate Keys tool emits the revocation certificate alongside the key. Save it on different media — a different USB stick, a different paper file, a different safe. Anyone holding the certificate can revoke your key, which is a denial of service rather than a compromise, so it needs protection too, just less than the key itself. You only need it once, but when you need it you really need it.
Hygiene checklist
- At least two backup copies, in two different physical locations.
- Each copy is encrypted, by the passphrase on the .asc and, where the medium allows it, by full-disk encryption as well.
- The passphrase is stored separately from every copy of the key, and never on the same sheet or stick.
- Revocation certificate stored separately from the private key.
- Re-test recovery once a year — try restoring from one of your backups onto a clean device. Backups you have never tested often do not work.
- Update backups whenever you add a subkey, extend the expiry, or change the passphrase.