Backing up keys a security issue?

When I created my pub/sec keypair with WinTP I was asked to make a backup of my public key and secret key. I made a backup and now have 2 .gpg files, one being a backup of my public key and the other being a backup of my secret key. If we assume I typed in a strong password when I created my pub/sec keypair, are there any security issues if someone manages to steal these backups? Can someone somehow decrypt my encrypted files if they have the backups (without having any passwords)?

The reason I’m concerned is because I remembered I store the backups on the same external hard drive as the encrypted files I want to protect. Bad idea?

And second: are there any security issues with choosing the same password when you are asked for a password when doing a symmetric encryption as when you create your keypair?

Speaking as a home user, I keep my backup files on a USB flash drive stored away in a fireproof lock box. With a strong password you should be protected.

You might consider creating a revocation certificate in case your key is compromised. Keep that separate from the other keys and in a safe place.

Personally I also set an expiration date when I create a PGP key. It matches the expiration date of the Thawte cert.

The last sentence should read…

“It matches the expiration date of my free Thawte personal email certificate”.
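On the question of whether a stolen secret-key backup is usable without the passphrase: an exported .gpg secret key is not encrypted as a file, but each secret-key packet inside it carries an "S2K usage" octet that says whether the private key material itself is stored encrypted under the passphrase. The following is an added example, not code from this thread, that reads the OpenPGP (RFC 4880) packet structure of such a backup and reports the protection status of every secret key and subkey; the sample "backup" it parses is a constructed toy with tiny RSA numbers, not a real key.

```python
import struct

MPI_COUNT = {1: 2, 2: 2, 3: 2, 17: 4, 16: 3}   # public MPIs: RSA n,e / DSA p,q,g,y / ElGamal p,g,y

def read_packets(data):
    """Yield (tag, body) for each packet, handling old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if ctb & 0x40:                                  # new-format header
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192: length = first
            elif first < 224: length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255: length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else: raise ValueError("partial body lengths not supported")
        else:                                           # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
            if ltype == 3: raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[i:i + (1 << ltype)], "big"); i += 1 << ltype
        yield tag, data[i:i + length]; i += length

def s2k_usage(body):
    """S2K usage octet of a v4 secret-key packet: 0 = private MPIs in the clear, otherwise encrypted."""
    if body[0] != 4: raise ValueError("only v4 keys supported")
    i = 6                                               # skip version, creation time, algorithm id
    for _ in range(MPI_COUNT[body[5]]):                 # skip the public MPIs (2-byte bit count + value)
        i += 2 + (struct.unpack(">H", body[i:i + 2])[0] + 7) // 8
    return body[i]

def inspect_backup(data):
    """Map packet index -> protection status for secret key (tag 5) and secret subkey (tag 7) packets."""
    result = {}
    for n, (tag, body) in enumerate(read_packets(data)):
        if tag in (5, 7):   # 254/255 = S2K specifier follows; 1..253 = legacy cipher id; 0 = unprotected
            result[n] = "passphrase-protected" if s2k_usage(body) else "UNPROTECTED"
    return result

def build_sample(protected):
    """Constructed toy backup (not a real key): tag-5 key, a user ID, tag-7 subkey."""
    mpi = lambda v: struct.pack(">H", v.bit_length()) + v.to_bytes((v.bit_length() + 7) // 8, "big")
    pub = b"\x04" + b"\x00\x00\x00\x00" + b"\x01" + mpi(0xC5) + mpi(0x11)   # v4, RSA, tiny n and e
    if protected:   # usage 254, AES-256, iterated+salted S2K with SHA-256, 16-byte IV, fake ciphertext
        sec = b"\xfe\x09\x03\x08" + b"\x5a" * 8 + b"\xff" + b"\x00" * 16 + b"\x42" * 4
    else:           # usage 0: private MPI follows in the clear, then a 2-byte checksum
        sec = b"\x00" + mpi(0x0B) + b"\x00\x00"
    body = pub + sec
    key = bytes([0xC0 | 5, len(body)]) + body                # new-format header, tag 5
    uid = bytes([0xC0 | 13, 6]) + b"test@x"                  # user ID packet, ignored by the check
    sub = bytes([0x80 | (7 << 2), len(body)]) + body          # old-format header, tag 7
    return key + uid + sub
```

On a real file, `inspect_backup(open("secret-backup.gpg", "rb").read())` gives the same report; a backup whose packets show UNPROTECTED (or one protected by a weak passphrase) is as good as the plaintext key to anyone who copies the drive, which is why the passphrase strength and where the backup lives both matter.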