
Ask HN: How do you back up your private keys? - level09
Obviously storing keys on the cloud is the least secure option. I would like to know if it is best to print them out on paper, or generate QR codes?
Looking forward to hearing some strategies and best practices.
======
deno
[https://www.nitrokey.com/](https://www.nitrokey.com/)

or print out on paper[1][2][3]/burn a DVD/write on floppy/etc., but the
encrypted version with a very good passphrase. Don’t ever store private keys in
plain text.

[1] [http://www.jabberwocky.com/software/paperkey/](http://www.jabberwocky.com/software/paperkey/)

[2] [http://ronja.twibright.com/optar/](http://ronja.twibright.com/optar/)

[3] [http://blog.liw.fi/posts/qr-backup/](http://blog.liw.fi/posts/qr-backup/)

~~~
atmosx
I use this backup method too :-)

------
jb510
I put them in my password manager (1Password) as a secure note, and then put
its encrypted data file in Dropbox. I wish I trusted Dropbox a bit more these
days (Condoleezza), but I trust 1P's data file encryption and having that whole
password archive cloud accessible has saved my butt more than once, once for
SSH keys.

~~~
mgreenly
I also make mine available online but do it a bit differently.

I have a public dotfiles project on GitHub. In addition to my dotfiles it
includes a symmetrically encrypted tarfile of a secrets folder that contains
keys and other sensitive info.

To recover my keys I only need access to GitHub, gpg and the password for the
encrypted tarfile.

------
0942v8653
A password manager on your smartphone isn't a bad place if you always have it
with you. I think backing up to an encrypted HDD and my phone is redundant
enough for me.

If you have a password store in the cloud, I recommend KeePass's keyfile
feature. With a keyfile (again backed up, but never in the cloud), you can
make sure that it takes more than just the master password to get in. If e.g.
Dropbox ever gets compromised, and for some reason they can guess your
password, the keyfile will keep you safe.
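
The keyfile idea in the comment above, as an added example that is not part of the original thread and is not KeePass's actual file format: the vault key is derived from the master password and the keyfile together, so a guessed password alone fails against a stolen cloud copy. The function names, iteration count, header string, and the sample password and keyfile are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000          # assumed work factor, not KeePass's setting
HEADER = b"demo-vault-v1"     # constructed stand-in for the vault contents


def composite_key(password: str, keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Mix the password hash and (if present) the keyfile hash, then stretch."""
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        material += hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)


def make_vault(password: str, keyfile: Optional[bytes]) -> dict:
    """Return what would sit in the cloud: a salt plus a key-check tag."""
    salt = os.urandom(16)
    key = composite_key(password, keyfile, salt)
    return {"salt": salt, "check": hmac.new(key, HEADER, "sha256").digest()}


def unlocks(vault: dict, password: str, keyfile: Optional[bytes]) -> bool:
    """True only if the supplied factors reproduce the vault key."""
    key = composite_key(password, keyfile, vault["salt"])
    tag = hmac.new(key, HEADER, "sha256").digest()
    return hmac.compare_digest(tag, vault["check"])


# Constructed sample data: the keyfile stays offline, the vault is synced.
PASSWORD = "correct horse battery staple"
KEYFILE = os.urandom(32)
VAULT = make_vault(PASSWORD, KEYFILE)

if __name__ == "__main__":
    print("owner, both factors:     ", unlocks(VAULT, PASSWORD, KEYFILE))
    print("guessed password only:   ", unlocks(VAULT, PASSWORD, None))
    print("password + wrong keyfile:", unlocks(VAULT, PASSWORD, os.urandom(32)))
```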

------
Raed667
I use a micro SD card (TrueCrypt) that I keep in my safe. I've had to use it
twice now, both because of sudden disk failure.

------
srijanshetty
I encrypt it symmetrically after creating a tarball and store it in my
password manager as a secure note.

I wrote a blog post a while ago about the same:
http://srijanshetty.in/technical/safely-storing-gpg-keys/

------
delcaran
An encfs folder in my Dropbox. The password for that encfs is in the same
Dropbox, inside a KeePass2 database.

------
tux
Print it and put it in a safe place. Then when you need it again, simply use a
scanner ;-)

------
edoceo
I use QR for long-term storage. Encrypted tarball in my GitHub as well.

