
What's the proper way to keep safe and back up my private and public GPG keys? Can I keep them both in the same place on a USB flash drive, or is that a security problem? Or should I necessarily keep their backups separately on different devices?

Meji

1 Answer


The public key doesn't matter. There's no need to keep it secure, it should be widely distributed, and if you lose it you can always recreate it from the private key. It's only the private key that you should be worrying about. And yes, for that key it's a reasonable plan to put it on two or three USB sticks and keep them in separate places.

Mike Scott
    It may be that GPG stores a copy of the public key with every private key (as ssh does), but if the tool does not do this, it is no easier to recreate the public key from the private one than it is to recreate the private key from the public one. Otherwise, though, I like this answer, +1 from me. – MadHatter Oct 23 '16 at 06:11
  • @MadHatter: GPG follows RFC 4880, which explicitly copies the public key within the 'secret key' packet, and for RSA it stores p,q for CRT which would provide easy rederivation of e if it were needed; for DSA and EG y is always trivially derivable from x. Using (at least) p,q and CRT in RSA has been effectively standard for 25 years, and I've never seen a non-toy implementation that didn't. – dave_thompson_085 Oct 23 '16 at 07:26
  • @dave_thompson_085 thanks, that's valuable information. I knew about RSA (though I also knew that *without* knowing *p* and *q*, deriving *e* from *d* is difficult), but I didn't know that DSA and El Gamal did not have the same problem. I still like Mike's answer, though! – MadHatter Oct 23 '16 at 07:39
  • `and keep them in separate places.` -- why separate if a public can be generated from a private one anyway? – Meji Oct 23 '16 at 08:37
  • @Meji You keep _copies of the private key_ in separate places, so that if one of them is destroyed or fails you don't lose your private key. – Mike Scott Oct 23 '16 at 08:57
  • Alright. But should a private key be hidden from everyone? And what if it is protected by a passphrase? – Meji Oct 23 '16 at 09:49
  • I mean, should I really keep a private key private if it has a passphrase? What if an adversary stole it? – Meji Oct 23 '16 at 13:12
  • @Meji A passphrase will help if it's stolen, but is not a substitute for keeping it private. – Mike Scott Oct 23 '16 at 16:56
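The point the comment thread settles on is that the public half is a function of the private half, so only the private key needs backing up. The following is an added example, not code from the question, the answer or GnuPG itself: it recomputes an RSA public key (n, e) from p, q and d, and a DSA/ElGamal public value y from x, then checks each recovered public key by a textbook encrypt/decrypt round trip. All key material is constructed inline at toy sizes (nowhere near real key sizes) so it runs offline with the standard library; it assumes the secret-key layout the thread describes, namely that an RSA secret key stores p and q next to d and a DSA/ElGamal secret key stores the domain parameters (p, g) next to x.

```python
"""Recover the public half of an asymmetric key from its private half.

Added example, not code from the original post. Toy-sized parameters are
constructed inline and are NOT secure key sizes; only the arithmetic is
illustrative. Assumes the secret-key layout described in the thread: RSA
secret keys carry p and q alongside d, DSA/ElGamal secret keys carry the
domain parameters (p, g) alongside x.
"""
from math import gcd
import secrets


def rsa_public_from_private(p, q, d):
    """Return the RSA public key (n, e) from the primes p, q and private exponent d.

    With p and q in hand, phi(n) = (p-1)(q-1) is known and e is simply the
    inverse of d modulo phi(n). Without p and q this step would need the
    factorisation of n, which is why a bare (n, d) pair does not yield e
    cheaply. Assumes d was reduced modulo phi(n) (classic RSA construction).
    """
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d has no inverse modulo phi(n); not a valid RSA private exponent")
    e = pow(d, -1, phi)  # modular inverse (Python 3.8+)
    return p * q, e


def rsa_roundtrip(n, e, d, m):
    """Encrypt m under the recovered public key and decrypt with d; return the plaintext."""
    return pow(pow(m, e, n), d, n)


def elgamal_public_from_private(p, g, x):
    """Return y = g^x mod p, the DSA/ElGamal public value, from the private exponent x."""
    return pow(g, x, p)


def elgamal_encrypt(p, g, y, m, k=None):
    """Textbook ElGamal encryption of m under public value y (toy parameters only)."""
    if k is None:
        k = secrets.randbelow(p - 2) + 1  # ephemeral exponent in [1, p-2]
    c1 = pow(g, k, p)
    c2 = (m * pow(y, k, p)) % p
    return c1, c2


def elgamal_decrypt(p, x, c1, c2):
    """Recover m = c2 * (c1^x)^-1 mod p using the private exponent x."""
    shared = pow(c1, x, p)
    return (c2 * pow(shared, -1, p)) % p


def demo():
    """Recover both public keys from constructed toy private keys and verify them."""
    # Constructed toy RSA key: p=61, q=53 (n=3233), public e=17, private d=2753.
    p, q, d = 61, 53, 2753
    n, e = rsa_public_from_private(p, q, d)
    rsa_ok = rsa_roundtrip(n, e, d, 65) == 65

    # Constructed toy ElGamal key: p=23, g=5, private x=6.
    ep, eg, x = 23, 5, 6
    y = elgamal_public_from_private(ep, eg, x)
    c1, c2 = elgamal_encrypt(ep, eg, y, 10, k=3)  # fixed k so the output is reproducible
    eg_ok = elgamal_decrypt(ep, x, c1, c2) == 10

    return {"rsa_n": n, "rsa_e": e, "rsa_ok": rsa_ok, "elgamal_y": y, "elgamal_ok": eg_ok}


if __name__ == "__main__":
    print(demo())
```

The RSA branch is the one that carries the caveat from the comments: the recovery is only cheap because p and q are stored with the private key. If a backup contained nothing but (n, d), recovering e would be as hard as factoring n, so what you back up should be the full secret-key material as the tool exports it, not a hand-picked subset of it.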