Charles produced a recent video outlining how he backed up his crypto wallet key using his PGP key. But hasn’t this simply transferred the wallet key backup problem to a PGP key backup problem?
As an avid PGP key user for over 20 years, I find the PGP key backup problem particularly annoying because the key is digital and needs to be stored on digital medium which can fail. Alternatively the key can be printed as a quite large sequence of random looking characters but this is nowhere near as convenient as a 24 word seed phrase.
The 24 word seed phrase was one of the Bitcoin innovations that I thought should get imported into the GnuPG software, but unfortunately this still hasn’t occurred.
I choose to protect my PGP key with a Gnuk hardware token which is similar to a Yubikey, both of which are similar to a Trezor hardware wallet without a screen. These hardware tokens are actually tiny stand alone computers which perform the key signing transactions themselves and transmit only the result to the user’s PC.
In order to backup my PGP key I have actually gone in the opposite direction. There is this Deterministic PGP key generation software that can generate a PGP key from a 24 word seed phrase. So I have randomly chosen a seed phrase and deterministically generated my PGP key from that. Then I engraved the chosen 24 words onto a metal tablet for secure offsite storage. Now if my house burns down, and someone steals or destroys my Gnuk token, I can recover my PGP key using the 24 word seed phrase backup.
I have provided instructions on my GitHub site for how to use an air-gapped raspberry pi to recover the PGP key from the seed phrase and write it to a new Gnuk token. The key and seed phrase is never written to any long term storage device, encrypted or otherwise, since the raspberry pi is configured with its home directory on RAM to disappear when the device gets powered off.
You could of course save your PGP key on an encrypted USB stick and store this in a safe. But now you need to backup the USB encryption password, AND you need to worry that the stick might fail. Or you could leave the USB stick unencrypted, but USB sticks don’t last forever and they particularly don’t like getting heated in a fire.
I think the 24 word seed phrase is a great solution to the key backup problem. If you are worried about this being a single point of failure then you can spilt the seed using Shamir’s secret sharing scheme specified for 24 word seed phrases: SLIP-0039.