Should I backup my wallet key using my PGP key?

Charles produced a recent video outlining how he backed up his crypto wallet key using his PGP key. But hasn’t this simply transferred the wallet key backup problem to a PGP key backup problem?

As an avid PGP key user for over 20 years, I find the PGP key backup problem particularly annoying because the key is digital and needs to be stored on digital medium which can fail. Alternatively, the key can be printed as a quite large sequence of random-looking characters, but this is nowhere near as convenient as a 24 word seed phrase.

The 24 word seed phrase was one of the Bitcoin innovations that I thought should get imported into the GnuPG software, but unfortunately this still hasn’t occurred.

I choose to protect my PGP key with a Gnuk hardware token which is similar to a Yubikey, both of which are similar to a Trezor hardware wallet without a screen. These hardware tokens are actually tiny stand-alone computers which perform the key signing transactions themselves and transmit only the result to the user’s PC.

In order to backup my PGP key I have actually gone in the opposite direction. There is this Deterministic PGP key generation software that can generate a PGP key from a 24 word seed phrase. So I have randomly chosen a seed phrase and deterministically generated my PGP key from that. Then I engraved the chosen 24 words onto a metal tablet for secure offsite storage. Now if my house burns down, and someone steals or destroys my Gnuk token, I can recover my PGP key using the 24 word seed phrase backup.

I have provided instructions on my GitHub site for how to use an air-gapped Raspberry Pi to recover the PGP key from the seed phrase and write it to a new Gnuk token. The key and seed phrase are never written to any long term storage device, encrypted or otherwise, since the Raspberry Pi is configured with its home directory on RAM to disappear when the device gets powered off.

You could of course save your PGP key on an encrypted USB stick and store this in a safe. But now you need to backup the USB encryption password, AND you need to worry that the stick might fail. Or you could leave the USB stick unencrypted, but USB sticks don’t last forever and they particularly don’t like getting heated in a fire.

I think the 24 word seed phrase is a great solution to the key backup problem. If you are worried about this being a single point of failure then you can split the seed using Shamir’s secret sharing scheme specified for 24 word seed phrases: SLIP-0039.

2 Likes
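As an added illustration of the Shamir split mentioned in the post above (my own example code, not the poster's instructions and not the SLIP-0039 reference implementation): a minimal threshold scheme over GF(2^8), the same field SLIP-0039 uses, applied byte by byte to a 32-byte secret of the kind that sits behind a 24 word phrase. Any three of five shares recover the secret; two reveal nothing about it. The 32-byte secret is a constructed placeholder; real SLIP-0039 adds a digest share, group thresholds, a checksum and the word encoding, none of which is reproduced here.

```python
import secrets

# Shamir secret sharing over GF(2^8) with the AES / SLIP-0039 reduction
# polynomial x^8 + x^4 + x^3 + x + 1 (0x11b). One independent random
# polynomial is used per byte of the secret; its constant term is the byte.

def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8)."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return product

def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^(2^8 - 2); a must be non-zero."""
    if a == 0:
        raise ZeroDivisionError("no inverse for 0 in GF(2^8)")
    result, exponent = 1, 254
    while exponent:
        if exponent & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        exponent >>= 1
    return result

def eval_poly(coeffs: bytes, x: int) -> int:
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, Horner style."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc

def split_secret(secret: bytes, threshold: int, share_count: int):
    """Return share_count (x, y_bytes) pairs; any `threshold` of them recover secret."""
    if not 1 < threshold <= share_count <= 255:
        raise ValueError("need 1 < threshold <= share_count <= 255")
    # one degree-(threshold-1) polynomial per secret byte, random higher coefficients
    polys = [bytes([b]) + secrets.token_bytes(threshold - 1) for b in secret]
    return [(x, bytes(eval_poly(p, x) for p in polys)) for x in range(1, share_count + 1)]

def combine_shares(shares) -> bytes:
    """Lagrange-interpolate each byte's polynomial at x = 0 to recover the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    recovered = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            num, den = 1, 1
            for k, (xk, _) in enumerate(shares):
                if k != j:
                    num = gf_mul(num, xk)        # (0 - x_k) == x_k in characteristic 2
                    den = gf_mul(den, xj ^ xk)   # (x_j - x_k) == x_j XOR x_k
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        recovered.append(acc)
    return bytes(recovered)

def demo_3_of_5(secret=None) -> dict:
    """Split a 32-byte seed 3-of-5, then recover it from three shares."""
    if secret is None:
        secret = bytes(range(32))  # constructed placeholder, not a real seed
    shares = split_secret(secret, 3, 5)
    return {
        "any_three_recover": combine_shares([shares[0], shares[2], shares[4]]) == secret,
        # with only two shares the interpolation lands on the secret only by chance (~2^-256)
        "two_are_not_enough": combine_shares(shares[:2]) != secret,
    }

if __name__ == "__main__":
    print(demo_3_of_5())
```

Each share here is a full 32 bytes, which is why the real standard encodes shares as word mnemonics of their own: the recovery key material is no shorter than the secret, only spread out so that no single safe, relative or fire can lose or leak it alone.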

Yes, it has. The GPG “paper” wallet is one of Hoskinson’s worst crazy ideas and that’s not that easy.

Yep, that would be one of the few crypto(currency) innovations that could actually help the larger crypto(graphy) space even if you don’t believe that crazy Internet money has any societal value at all.

3 Likes

I feel like the community is missing the three important benefits of what Charles did and perhaps Charles is missing two weaknesses.

The Benefits:

  1. He has created a backup scheme which allows for not one or two physical backups of a private key, but rather millions of them so that they can never be lost. And you can email these to all your friends and enemies for safe keeping and quick access and yet still be sure that they will never be hacked.

  2. He has found a way to recover any amount of different wallet accounts with a single private key. This doesn’t make much difference to a guy with all his ADA in just one account but it makes a big difference to a corporation or government that has ADA in many accounts. And these are the customers that Cardano is working to attract.

  3. We need several completely separate and distinct methods to back up a seed phrase.

I think there are two weaknesses with Charles’ solution:

  1. We are trusting Mailvelope to generate a truly random private key.
  2. The entire process does not appear to be airgapped. We all assume that our Internet connected computers are being remotely viewed which is why we use hardware wallets in the first place.

If my assumptions about these weaknesses are incorrect then I hope a community member will correct me.

Regarding benefit number three, I have a funny story that illustrates the point.
Several years ago I made a stone age version of the keystone wallet as seen below.
There is a camera on the other side of the device for scanning QR-Codes.

It had a thermal printer as seen below which was used to print a paper wallet.

Well, because the paper wallet was printed on thermal paper, the entire receipt turned completely black over time and was completely illegible.

I never lost any funds however, because I had two other completely different systems of backup.
I had a keystore file which is a text file containing an encrypted version of the private key, and I also had several copies of the encrypted drive which ran the stone age hardware wallet. So no harm done.

The story illustrates the need for several completely different methods for backup in case one or more methods fail. Charles has provided some methods and @Terminada has provided others.
I appreciate the addition of these options.

With regard to helping corporations and governments to secure private keys for multiple accounts - several years ago, I made a free and open-source airgapped device for signing transactions, for encrypted messaging and document storage. It’s just a computer with an encrypted drive which is packaged in a transparent tamper evident case so that one can verify there are no radios onboard or other nasty tricks.

Files are transferred in and out using a stream of QR-Codes like the Keystone hardware wallet.


Here is a video of the file transfer process.

The benefit over the Keystone is that it manages an unlimited number of accounts, securely stores documents, does PGP encrypted messaging from behind an airgap so that there is no chance of remote viewing, and it makes its own backups of the encrypted SD card that runs and stores everything. There has never been much interest in the device because hardware wallets meet all the needs of individual users. But as Cardano markets to governments and corporations, the community will need a hardware wallet which scales to those needs. This device helps to start a conversation about that.

2 Likes

I find discussing pros/cons of backup/recovery mechanisms so interesting, and so important.

Using a PGP key to backup everything does improve the availability of wallet key backups. However, it doesn’t improve the availability of backups of the PGP key used to encrypt the wallet backups. Everything is now dependent on that one PGP key which is now the single point of failure that we need to backup.

So, how is that PGP key backed up? You can store it on an encrypted drive… But what password are you going to use and how are you going to backup that password? Then if you have multiple copies of this password-encrypted storage device available, you had better ensure the password is very good otherwise people can try to guess or crack those backups. There is a very big temptation to have a less secure, more memorable passphrase used as the backup password compared to a randomly generated 24 word seed. Also, you can’t simply rely upon your own memory for the backup password if you want your family to recover those backups when you die.

I use my PGP key to protect so many things and I have really struggled with how to backup this key. After using encrypted disks for many years, I recently decided that a better solution is to use that deterministic PGP key generation software I linked above since the backup is very robust as 24 words engraved on metal. Simply publish the recovery instructions and store the 24 word seed securely. Or use the Shamir secret sharing scheme to distribute the key across multiple safes.

If I think over all the times I have shot myself in the foot regarding loss or compromise of PGP keys, they have all been loss of recoverability due to some backup failure usually stemming from me forgetting the passphrase. Backup failure of my PGP key really concerns me. That concern will be increased if I make all my crypto wallet backups dependent upon that PGP key.

Backup of these keys is a major concern inhibiting adoption. I think the 24 word seed is preferable to many alternatives but I still feel we need to do better.

2 Likes

Thanks @Terminada,

Yes, agreed. I think safely storing the 24 word seed phrase is a giant obstacle preventing mass adoption.

For the password that accesses an encrypted drive I would create a very secure word from some commonly available text that doesn’t change like the Bible or the Constitution or a billion other works that do not change. This would be the key. Then I would make up some algorithm to process the key so as to come up with a password which is hard to break. It should be easy to remember what text is used for the key and it should be easy to remember what process is used to derive a password from the text. As long as the final password is very long and uses mixed case, numbers, and symbols then it should be very secure even if it isn’t random.

If children can be taught algebra in school, then they can be taught how to create a secure password from some random document as the key and some process that each child invents as the cipher. This has never been taught in schools before because there has never been a need. With crypto adoption, there is now a need and perhaps educators will respond. The school should make a game of trying to discover the passwords in the same way that Charles has made a game of trying to guess the seed phrase for his wallet.

1 Like

I like the idea in general but now you need to backup your algorithm and name of document so that your family can recover your key, and be sure that they will apply the algorithm correctly.

Furthermore, I am always concerned to avoid relying in any way upon security through obscurity. For example, the passphrase itself might be strong if considered in isolation but its strength might be significantly reduced if the attacker could know which document was being used or infer anything about your algorithm. Depending on how you work, the attacker might be able to infer such things by looking at your browsing or shell command history, or by speaking with people you know. There is also the problem of repeated words within the document which reduces entropy, and there is the inconvenience of applying the algorithm.

The list of 2048 unique words used for seed phrases is a convenient publicly available method for generating a random key that has 264 bits of entropy.

1 Like
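To put numbers on the two points above (repeated words in a document reduce entropy; 24 uniform picks from a 2048 word list give 24 × log2(2048) = 264 bits), here is an added example of mine, not code from either poster. It assumes the simplest model of the document-derived scheme, where each password word is drawn from the chosen text with the frequency it has there, and compares Shannon entropy (average unpredictability) with min-entropy (what a guesser who always tries the most common word first faces) against the word list. The eight-word document is a constructed toy so the figures are exact.

```python
import math
from collections import Counter

BIP39_LIST_SIZE = 2048
BIP39_BITS_PER_WORD = math.log2(BIP39_LIST_SIZE)  # 11.0 bits per uniformly chosen word

# Constructed toy document: "the" appears 4 times, "cat" twice, "sat" and "mat" once.
TOY_DOCUMENT = "the cat the sat the mat the cat"

def word_entropies(text: str) -> dict:
    """Entropy per word (bits) when a word is drawn from `text` by its frequency."""
    words = text.lower().split()
    counts = Counter(words)
    total = len(words)
    probs = [c / total for c in counts.values()]
    shannon = -sum(p * math.log2(p) for p in probs)  # average surprise per draw
    min_entropy = -math.log2(max(probs))             # cost of the guesser's best single guess
    uniform = math.log2(len(counts))                 # ceiling if every distinct word were equally likely
    return {
        "unique_words": len(counts),
        "shannon": shannon,
        "min_entropy": min_entropy,
        "uniform_unique": uniform,
    }

def phrase_entropy_bits(per_word_bits: float, n_words: int = 24) -> float:
    """Independent draws add up: n words carry n times the per-word entropy."""
    return per_word_bits * n_words

def compare(text: str = TOY_DOCUMENT, n_words: int = 24) -> dict:
    """Bits for an n-word phrase drawn from `text` versus from the 2048 word list."""
    e = word_entropies(text)
    return {
        "document_shannon_bits": phrase_entropy_bits(e["shannon"], n_words),
        "document_min_entropy_bits": phrase_entropy_bits(e["min_entropy"], n_words),
        "document_if_uniform_bits": phrase_entropy_bits(e["uniform_unique"], n_words),
        "wordlist_bits": phrase_entropy_bits(BIP39_BITS_PER_WORD, n_words),
    }

if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:>28}: {bits:6.1f} bits")
```

For the toy document the 24-word phrase carries 42 bits on average and only 24 bits against a frequency-ordered guesser, against 264 bits from the word list; a real book has far more distinct words, but its frequency skew works the same way, and any memorised "algorithm" only helps if it is itself unknown to the attacker, which is the obscurity concern raised above. (Of the 264 bits in a BIP-39 phrase, the final 8 are a checksum computed from the other 256, so the freely chosen entropy is 256 bits.)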

Yes, agreed @Terminada,
There are many things to consider.

Or just maybe put the password in a safe deposit box if you trust the banks.

One-time pad encryption solves that issue

Yes that is a very good method.

This is all fun to think about.
Charles was clearly enjoying himself when he made the video and I must admit that I am enjoying this conversation as we consider ways to make secure passwords and keep them safe 🔐.

1 Like