
Backing up your PGP key by hand
Hello gnupg-users,
I decided to back up my secret gpg key with pencil and paper,
documenting the process here

http://ariis.it/static/articles/handwritten-pgp-key/page.html

It is tangent to gpg but I thought that other gnupg-users might have been
interested in the whys and hows of the topic
—F

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Backing up your PGP key by hand
Thank you for sharing this Francesco.

Yes, having a secure, durable offline backup is important.

Coming from the Bitcoin space, we've already explored many options in an
effort to allow users easily to back up private keys.

I have to say the effort involved in your method seems unrealistic for most
users:

> Considering a paperkey is less than 150 lines, that means it should take
> 50 sessions, or a little less than 2½ months to get it on paper. The whole
> effort costs 50×10m ≈ 8 hours of your time.

In Bitcoin, we can use the BIP39 standard to back up a nearly infinite number
of keys (trees of derived keys) with just 12 simple English words. It even
has a checksum! Only the first four letters of each word are even
necessary, as those are always distinct, making input very quick and easy.

GPG would benefit from something similar.

Only 1% of the 1% of users will put in the effort that you did, meaning
that most users are not properly backing up their PGP keys and/or are
trusting computer hardware/printers.

I see there are efforts like the paperkey word list:
https://github.com/vonshednob/paperkeywords

But ideally such a system should be standardized and built into gpg so that
users can be sure they will be able to restore keys.

One can actually use the most popular Bitcoin hardware wallet as a PGP
signing device. Since the device is backed up with a BIP39 "seed phrase",
you can effectively say that it's a way to backup GPG keys with 12 or 24
words:

https://support.ledger.com/hc/en-us/articles/115005200649-OpenPGP?docs=true

The fact that it has a screen and you can input the words directly into the
signing device means that you don't need an air-gapped computer either.

That might be a good option for some people.

Jonathan
Re: Backing up your PGP key by hand
On Monday, 2 May 2022 13:26:06 CEST Jonathan Cross via Gnupg-users wrote:
> I have to say the effort involved in your method seems unrealistic for most
> users:
>
> > Considering a paperkey is less than 150 lines, that means it should take
> > 50 sessions, or a little less than 2½ months to get it on paper. The whole
> > effort costs 50×10m ≈ 8 hours of your time.

For a modern ed25519 key with cv25519 subkey paperkey outputs less than 10
lines of data and a final CRC-24 checksum.

1: 00 04 69 C7 01 A4 36 FD D4 96 FA E5 58 0A A1 51 BC 58 17 C2 28 CF 6A0F72
[...]
10: B2 47 15 98 62 69 A9 53 BC B2 16 8F 9B 78 B4 BAF5C6
11: BBEA88

In the old days computer magazines contained many pages of such hexdumps that
you could hack into your computer to get some nice little games.

Regards,
Ingo
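Ingo's dump above carries a CRC-24 on every line plus one over the whole key, which is what makes hand transcription checkable line by line (the same checksum property Jonathan praises in BIP39). As an added example that is not from Ingo's message, from the paperkey tool or from any other poster, here is a small Python checker for such a transcript: it implements the OpenPGP CRC-24 from RFC 4880, renders constructed bytes in the numbered-line layout of the sample above, and reports which line a typo or a skipped line landed on. The layout and the assumption that each line's CRC covers only that line's bytes are modelled on the sample and have not been verified against paperkey's own output, so exact compatibility with paperkey is an assumption.

```python
"""Checker for hand-transcribed paperkey-style hex dumps (constructed example)."""
import re

# OpenPGP CRC-24 parameters (RFC 4880, section 6.1).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

# One dump line: "<n>: <HH HH ...> <CCCCCC>"; the last line carries only the overall CRC.
# (Assumed layout, modelled on the sample in the thread.)
LINE_RE = re.compile(r"^\s*(\d+):\s*((?:[0-9A-Fa-f]{2}\s+)*)([0-9A-Fa-f]{6})\s*$")


def crc24(data: bytes) -> int:
    """Bit-serial CRC-24 exactly as given in RFC 4880."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def render(data: bytes, per_line: int = 22) -> str:
    """Lay out raw bytes as numbered lines of hex, each followed by its own
    CRC-24, then a final line holding the CRC-24 of all the data.
    (Assumed layout; not guaranteed byte-identical to paperkey's output.)"""
    lines = []
    for start in range(0, len(data), per_line):
        chunk = data[start:start + per_line]
        hexed = " ".join(f"{b:02X}" for b in chunk)
        lines.append(f"{len(lines) + 1}: {hexed} {crc24(chunk):06X}")
    lines.append(f"{len(lines) + 1}: {crc24(data):06X}")
    return "\n".join(lines)


def parse_line(line: str):
    """Split one dump line into (line number, data bytes, stated CRC)."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"line not in expected form: {line.strip()!r}")
    data = bytes.fromhex("".join(m.group(2).split()))
    return int(m.group(1)), data, int(m.group(3), 16)


def check_transcript(text: str):
    """Verify a typed-in dump. Returns (recovered bytes, list of error strings);
    an empty error list means every line and the overall checksum matched."""
    raw_lines = [l for l in text.splitlines() if l.strip()]
    errors, payload, expected_no = [], bytearray(), 1
    if not raw_lines:
        return b"", ["empty transcript"]
    for raw in raw_lines[:-1]:
        try:
            no, data, stated = parse_line(raw)
        except ValueError as exc:
            errors.append(str(exc))
            expected_no += 1
            continue
        if no != expected_no:
            errors.append(f"line {no}: expected line number {expected_no} (line missing or duplicated?)")
        expected_no = no + 1
        actual = crc24(data)
        if actual != stated:
            errors.append(f"line {no}: CRC mismatch, computed {actual:06X} but transcript says {stated:06X}")
        payload += data
    try:
        no, data, stated = parse_line(raw_lines[-1])
    except ValueError as exc:
        errors.append(str(exc))
        return bytes(payload), errors
    if no != expected_no:
        errors.append(f"line {no}: expected line number {expected_no}")
    if data:
        errors.append(f"line {no}: final line should carry only the overall CRC")
    actual = crc24(bytes(payload))
    if actual != stated:
        errors.append(f"overall CRC mismatch, computed {actual:06X} but transcript says {stated:06X}")
    return bytes(payload), errors


if __name__ == "__main__":
    # Constructed stand-in for key material (NOT a real key): 45 arbitrary bytes.
    blob = bytes(range(1, 46))
    dump = render(blob)
    print(dump)
    # Simulate a transcription slip on line 2 (first byte 17 typed as 71).
    slip = dump.replace("2: 17 18", "2: 71 18")
    _, problems = check_transcript(slip)
    for p in problems:
        print("!", p)
```

Run as a script it prints a dump of the 45 constructed bytes and the two complaints produced when one byte on line 2 is transposed: the line-2 CRC and the overall CRC. A typo confined to a line's own check digits shows up as a line mismatch while the overall CRC still passes, which tells you the data is fine and only those six digits need re-reading; a skipped line shows up as a line-number gap before the overall CRC fails.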
Re: Backing up your PGP key by hand
Hello Jonathan,

On 02 May 2022 at 13:26 Jonathan Cross via Gnupg-users wrote:
> Thank you for sharing this Francesco.
>
> Yes, having a secure, durable offline backup is important.
>
> Coming from the Bitcoin space, we've already explored many options in an
> effort to allow users easily to back up private keys.
>
> I have to say the effort involved in your method seems unrealistic for most
> users:
>
> [...]

thanks for your feedback message!

As you probably expect, I agree with (almost) everything you say. My
experiment was to document something which — as far as I know — was not
documented until now (although probably done numerous times) and a way
to spur a discussion on the topic of “backing up keys when you cannot
trust or do not have access to some devices”.

The pain points are manifold: some might be mitigated (as Ingo Klöcker
suggested, ed25519 keys are shorter, progressively moving to them would
do a lot); some would need some reworking (or reimagining) of the tools
we use today to sign our documents and encrypt our archives (as much as
`paperkey` is convenient, a “native” solution will always be more
reliable, user-friendly, future-proof).

> But ideally such a system should be standardized and built into gpg so that
> users can be sure they will be able to restore keys.

This would be amazing and hopefully one day a standardised approach will
come to light for PGP too. Happy encrypting everyone
—F

Re: Backing up your PGP key by hand
Does exporting your private key (which already comes encrypted and requires
password authentication) to encrypted USB flash drive then placed under
lock and key not suffice as an offline backup?

Aside: Private keys aren’t the only thing that should be getting backed up.
Revocation certs are perhaps just as important, if not more. Private keys
can be replaced all day long, but you can’t replace revocation certs once
the private key is lost (requiring revocation).


On Tue, May 3, 2022 at 12:17 Francesco Ariis <fa-ml@ariis.it> wrote:

> [snip]
Re: Backing up your PGP key by hand
On 5/3/22 22:08, Francesco Ariis wrote:
[snip]
> As you probably expect, I agree with (almost) everything you say. My
> experiment was to document something which — as far as I know — was
> not documented until now (although probably done numerous times) and
> a way to spur a discussion on the topic of “backing up keys when you
> cannot trust or do not have access to some devices”.

A removable hard drive might be an option, if the storage time is less
than a decade and there are decent storage conditions in regards to
chemicals, temperature, humidity, and so on. Flash memory seems to lose
its charge rather quickly, measured in months. I can't find the
original articles on that but here's a secondary source:

https://www.ni.com/en-us/support/documentation/supplemental/12/understanding-life-expectancy-of-flash-storage.html

Perhaps printing a QR code or barcode would work if it is possible to
get the private key to a printer in a secure manner. If you are into
further experimentation maybe some graph paper and a black magic marker
could be used for making a QR code, with enough persistence or
performance art funding.

/Lars

PS. Thanks for not top-posting.


Re: Backing up your PGP key by hand
Lars Noodén via Gnupg-users wrote:
> A removable hard drive might be an option, if the storage time is less
> than a decade and there are decent storage conditions in regards to
> chemicals, temperature, humidity, and so on. Flash memory seems to lose
> its charge rather quickly, measured in months.

Write-once optical media is my preferred means of long-term backup for
nontrivial amounts of data, but this view about flash losing data in
months is completely ridiculous. Typical data retention specs for flash
memory are for decades. If losing data in mere months were acceptable,
just about nothing would work, including the computer you use for email
-- its firmware is almost certainly in flash and it is probably more
than a few months old.

I have SD cards and USB sticks with data blocks last written many years
ago and still readable. Granted, I have never used low-end no-name
Chinesium storage, so that may have something to do with it, but flash
memory is far more durable than a few months. Battery-backed SRAM
typically has batteries that last longer than that; if flash only held
data for months, it would never have been commercially viable for
displacing said SRAM.


-- Jacob

Re: Backing up your PGP key by hand
On 5/5/22 01:11, Jacob Bachmeyer wrote:
> Lars Noodén via Gnupg-users wrote:
>> A removable hard drive might be an option, if the storage time
>> is less than a decade and there are decent storage conditions
>> in regards to chemicals, temperature, humidity, and so on. Flash
>> memory seems to lose
>> its charge rather quickly, measured in months.
>
> Write-once optical media is my preferred means of long-term backup for
> nontrivial amounts of data,
[snip]

The number of years that the keys and the data they apply to will be
stored unpowered, offline will influence which storage medium is
acceptable for the task.

Old CD-R were short-lived garbage from my experience, but certain models
of recently made CD-R should last a while even under slightly
non-optimal storage conditions before they start flipping bits.
However, it's hard to know until it's too late. And all bets are off
for bad storage conditions. Now that the quality has improved, under
optimal storage conditions, they ought to retain data for decades:

https://www.canada.ca/en/conservation-institute/services/conservation-preservation-publications/canadian-conservation-institute-notes/longevity-recordable-cds-dvds.html

https://www.loc.gov/preservation/resources/rt/NIST_LC_OpticalDiscLongevity.pdf

Whether that bit flip hits anything important is another matter, but
they do add up over time and with enough of them they will eventually
hit something, worse if it hit something compressed. I'm sure BtrFS or
OpenZFS might be relevant there.

Air pollution, temperature, light, and humidity are some of the factors
affecting the lifespan of the physical storage medium.

> I have SD cards and USB sticks with data blocks last written
> many years ago and still readable. Granted, I have never used
> low-end no-name
[snip]

And by reading them, they have powered up and refreshed the charge. The
problem applies to such flash storage devices which have been left
unpowered for longer periods of time. Again, it depends a bit on what
the planned retention period is for the keys and their data.

/Lars

Re: Backing up your PGP key by hand
I think paper tapes, as in the 1970s, would be the best medium for this
approach.

matthias


--
Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

Peace instead of NATO! Мир вместо НАТО! Frieden statt NATO! ¡Paz en vez de OTAN!

Re: Backing up your PGP key by hand
Matthias Apitz wrote:
> I think, paper tapes as in the years 70 would be the best media for this
> approach.

Paper tape had a high error rate (& tear rate). It chafed & built up
dirt on the reader, absorbed finger grease & misread, whether with optical
or capacitive readers. Mylar (plastic) was better, stronger.

Often on long paper tapes we'd read several times & compare to
ensure probably no errors. Checksums weren't so often available.

Our paper tape flew so fast through the reader we held dustbins at
~ 45 degrees to catch it, & then reloaded it slower back out of the bin
onto the winder.

Cheers,
--
Julian Stacey http://berklix.com/jhs/ http://stolenVotes.uk
Arm Ukraine, kill Putin mass murderer causing global grain & fuel shortage.

Re: Backing up your PGP key by hand
So I guess all that leaves us with at this point is laser welded
inscriptions onto a block of metal, installed backwards as the cornerstone
of the next monument being preserved by a historic society.

It’ll be the next iteration of 3D printing: MIaaB (Metal Inscriptions as a
Backup).

Whole building would have to come down to restore from backup, but it’d at
least stand the test of weathering…

On Thu, May 5, 2022 at 06:44 Julian H. Stacey <jhs@berklix.com> wrote:

> [snip]
Re: Backing up your PGP key by hand
Lars Noodén via Gnupg-users wrote:
> On 5/5/22 01:11, Jacob Bachmeyer wrote:
> > Lars Noodén via Gnupg-users wrote:
> >> A removable hard drive might be an option, if the storage time
> >> is less than a decade and there are decent storage conditions
> >> in regards to chemicals, temperature, humidity, and so on. Flash
> >> memory seems to lose
> >> its charge rather quickly, measured in months.
> >
> > Write-once optical media is my preferred means of long-term backup for
> > nontrivial amounts of data,
> [snip]
>
> The number of years that the keys and the data they apply to will be
> stored unpowered, offline will influence which storage medium is
> acceptable for the task.
>
> Old CD-R were short-lived garage from my experience, but certain models
> of recently made CD-R should last a while even under slightly
> non-optimal storage conditions before they start flipping bits.

This depends on the quality of the media. I first got a CD-R drive in
the mid 2000s and have discs from back then that were still readable
when I last looked at them a few years ago. Admittedly, these have been
stored under ordinary room conditions and protected in a disc binder or
jewel cases and were not the "bargain basement" media that was also
available at the time. A friend once lamented having something like 3
to 5 discs out of a 100-pack of "Great Quality" branded CD-R media that
were actually usable; the rest were either rejected during burning or
failed immediately upon readback. It is doubtful that those "Great
Quality" discs are still readable today. There was a significant
difference in price: the discs I used (Maxell/Memorex/Verbatim name
brands stand out thinking back) typically cost about $20 for a 50-pack
or similar for a 100-pack if on sale, while "Great Quality" was $5 for
100. You really did get what you paid for, however.

There were also direct-write DVD-R camcorders fairly popular in the mid
to late 2000s. I remember news stories about most of Barack Obama's
earlier speeches having been lost before his first term as US President
had ended because the only recordings had been made by his supporters
using those camcorders and cheap DVD-R media that did not last.


Note that "nontrivial amounts of data" excludes PGP keys; even a
mini-CD-R holds several megabytes. I will admit that lack of a
reasonable backup strategy is one of the reasons I do not presently use
PGP for encryption.

> [...]
>
> Whether that bit flip hits anything important is another matter, but
> they do add up over time and with enough of them they will eventually
> hit something, worse if it hit something compressed. [...]

CD-ROM format has considerable data expansion. If I remember correctly,
a 650MB data CD actually stores something like 2.1GB after applying the
various ECC layers. There are quite a few bits to flip before anything
is affected.

> Air pollution, temperature, light, and humidity are some of the factors
> affecting the lifespan of the physical storage medium.

One of the advantages of optical media generally is that the discs are
(supposed to be) sealed against their environment. Absent extremes,
(polycarbonate has a melting point, the data is written using very
intense light that locally heats the dye layer) environmental effects
should be minimal. Along these lines, while fire will obviously destroy
optical media, discs should remain readable after being in a flood, for
example. (Some mold removal may be needed, and the data should be
copied to new media in case mold or the chemicals used to remove it
adversely affect the integrity of the environmental seal.)

> > I have SD cards and USB sticks with data blocks last written
> > many years ago and still readable. Granted, I have never used
> > low-end no-name
> [snip]
>
> And by reading them, they have powered up and refreshed the charge. The
> problem applies to such flash storage devices which have been left
> unpowered for longer periods of time.

No, it does not. That is not how flash memory works. Some flash
translation layers might do such things in some devices, but I strongly
doubt that flash-based microcontrollers have undocumented hardware
functions to periodically rewrite the program storage, for example. In
any case, I have both USB sticks and SD cards that have been left
entirely unpowered for years and found the data to still be there,
certainly much longer than the "few months" you mentioned earlier.

Theoretically, the stored charge does eventually leak off of the
floating gate, but EEPROMs (and flash, which is essentially the same
technology) are generally considered to hold data indefinitely. The
data retention specifications are based on "accelerated aging" tests,
which generally involve elevated temperature. The processes involved
are highly nonlinear with respect to temperature and may very easily
require centuries at room temperature or not occur at all without
elevated temperatures; we do not know because flash storage is only now
reaching the milestone of having existed long enough for even the oldest
imprints to be reaching even the "accelerated aging" estimated
lifespan. So far, we are not seeing catastrophic losses of data stored
in flash.


-- Jacob

Re: Backing up your PGP key by hand
The EEPROM notes are intriguing to me, and if that's an option you're
considering, I went ahead and tossed up some old code onto a gist if you're
interested. It's a crude example of storing PGP private key in flash (vs.
SRAM) using a little PROGMEM hack for the Arduino Uno:

https://gist.github.com/mattborja/475fa600604073780bd47ada019f98f3#file-demo-pgp-progmem-ino

See also:

- https://www.arduino.cc/reference/en/language/variables/utilities/progmem/
- https://forum.arduino.cc/t/maximum-progmem-data-size-arduino-mega/373448


I actually have another slightly more refined project sort of tabled until
I have more time freed up (maybe next couple weeks or so). It involves
allocating and managing zones on a much larger EEPROM space--available on a
single AT24C256C (32 KB up from 1 KB) which is also I2C, meaning you can
daisy chain about 8 of these out, if you want to get crazy. Latest
estimates I came up with suggested I could fit close to 2-3 4096-bit PGP
private keys on one of these things. And the implementation is much simpler
using the Wire.h interface
<https://www.arduino.cc/reference/en/language/functions/communication/wire/>
because it actually has the room to store larger amounts of data without
messing around with PROGMEM. And it's all offline writing too :)

Ping me if you're interested. Otherwise, I'ma go back to what I was doing ;)

On Thu, May 5, 2022 at 4:58 PM Jacob Bachmeyer via Gnupg-users <
gnupg-users@gnupg.org> wrote:

> [snip]
Re: Backing up your PGP key by hand
Sorry for the lame tracking links; that's apparently a setting
automatically enabled by SendGrid which I'm using to send out on my custom
email domain. Hopefully they're disabled now and below are showing the
original URLs as I had pasted them, else I give up, lol.

Demo:

- https://gist.github.com/mattborja/475fa600604073780bd47ada019f98f3#file-demo-pgp-progmem-ino

See also:

- https://www.arduino.cc/reference/en/language/variables/utilities/progmem/
- https://forum.arduino.cc/t/maximum-progmem-data-size-arduino-mega/373448
- https://www.arduino.cc/reference/en/language/functions/communication/wire/

Sorry about that :/

On Thu, May 5, 2022 at 5:30 PM Matt Borja <me@mattborja.dev> wrote:

> The EEPROM notes are intriguing to me, and if that's an option you're
> considering, I went ahead and tossed up some old code onto a gist if you're
> interested. It's a crude example of storing PGP private key in flash (vs.
> SRAM) using a little PROGMEM hack for the Arduino Uno:
>
>
> https://gist.github.com/mattborja/475fa600604073780bd47ada019f98f3#file-demo-pgp-progmem-ino
>
> See also:
>
> - https://www.arduino.cc/reference/en/language/variables/utilities/progmem/
> - https://forum.arduino.cc/t/maximum-progmem-data-size-arduino-mega/373448
>
>
> I actually have another slightly more refined project sort of tabled until
> I have more time freed up (maybe next couple weeks or so). It involves
> allocating and managing zones on a much larger EEPROM space--available on a
> single AT24C256C (32 KB up from 1 KB) which is also I2C, meaning you can
> daisy chain about 8 of these out, if you want to get crazy. Latest
> estimates I came up with suggested I could fit close to 2-3 4096-bit PGP
> private keys on one of these things. And the implementation is much simpler
> using the Wire.h interface
> <https://www.arduino.cc/reference/en/language/functions/communication/wire/> because
> it actually has the room to store larger amounts of data without messing
> around with PROGMEM. And it's all offline writing too :)
>
> Ping me if you're interested. Otherwise, I'ma go back to what I was doing
> ;)
>
> On Thu, May 5, 2022 at 4:58 PM Jacob Bachmeyer via Gnupg-users <
> gnupg-users@gnupg.org> wrote:
>
>> Lars Noodén via Gnupg-users wrote:
>> > On 5/5/22 01:11, Jacob Bachmeyer wrote:
>> > > Lars Noodén via Gnupg-users wrote:
>> > >> A removable hard drive might be an option, if the storage time
>> > >> is less than a decade and there are decent storage conditions
>> > >> in regards to chemicals, temperature, humidity, and so on. Flash
>> > >> memory seems to lose
>> > >> its charge rather quickly, measured in months.
>> > >
>> > > Write-once optical media is my preferred means of long-term backup for
>> > > nontrivial amounts of data,
>> > [snip]
>> >
>> > The number of years that the keys and the data they apply to will be
>> > stored unpowered, offline will influence which storage medium is
>> > acceptable for the task.
>> >
>> > Old CD-R were short-lived garbage from my experience, but certain models
>> > of recently made CD-R should last a while even under slightly
>> > non-optimal storage conditions before they start flipping bits.
>>
>> This depends on the quality of the media. I first got a CD-R drive in
>> the mid 2000s and have discs from back then that were still readable
>> when I last looked at them a few years ago. Admittedly, these have been
>> stored under ordinary room conditions and protected in a disc binder or
>> jewel cases and were not the "bargain basement" media that was also
>> available at the time. A friend once lamented having something like 3
>> to 5 discs out of a 100-pack of "Great Quality" branded CD-R media that
>> were actually usable; the rest were either rejected during burning or
>> failed immediately upon readback. It is doubtful that those "Great
>> Quality" discs are still readable today. There was a significant
>> difference in price: the discs I used (Maxell/Memorex/Verbatim name
>> brands stand out thinking back) typically cost about $20 for a 50-pack
>> or similar for a 100-pack if on sale, while "Great Quality" was $5 for
>> 100. You really did get what you paid for, however.
>>
>> There were also direct-write DVD-R camcorders fairly popular in the mid
>> to late 2000s. I remember news stories about most of Barack Obama's
>> earlier speeches having been lost before his first term as US President
>> had ended because the only recordings had been made by his supporters
>> using those camcorders and cheap DVD-R media that did not last.
>>
>>
>> Note that "nontrivial amounts of data" excludes PGP keys; even a
>> mini-CD-R holds several megabytes. I will admit that lack of a
>> reasonable backup strategy is one of the reasons I do not presently use
>> PGP for encryption.
>>
>> > [...]
>> >
>> > Whether that bit flip hits anything important is another matter, but
>> > they do add up over time and with enough of them they will eventually
>> > hit something, worse if it hit something compressed. [...]
>>
>> CD-ROM format has considerable data expansion. If I remember correctly,
>> a 650MB data CD actually stores something like 2.1GB after applying the
>> various ECC layers. There are quite a few bits to flip before anything
>> is affected.
>>
>> > Air pollution, temperature, light, and humidity are some of the factors
>> > affecting the lifespan of the physical storage medium.
>>
>> One of the advantages of optical media generally is that the discs are
>> (supposed to be) sealed against their environment. Absent extremes,
>> (polycarbonate has a melting point, the data is written using very
>> intense light that locally heats the dye layer) environmental effects
>> should be minimal. Along these lines, while fire will obviously destroy
>> optical media, discs should remain readable after being in a flood, for
>> example. (Some mold removal may be needed, and the data should be
>> copied to new media in case mold or the chemicals used to remove it
>> adversely affect the integrity of the environmental seal.)
>>
>> > > I have SD cards and USB sticks with data blocks last written
>> > > many years ago and still readable. Granted, I have never used
>> > > low-end no-name
>> > [snip]
>> >
>> > And by reading them, they have powered up and refreshed the charge. The
>> > problem applies to such flash storage devices which have been left
>> > unpowered for longer periods of time.
>>
>> No, it does not. That is not how flash memory works. Some flash
>> translation layers might do such things in some devices, but I strongly
>> doubt that flash-based microcontrollers have undocumented hardware
>> functions to periodically rewrite the program storage, for example. In
>> any case, I have both USB sticks and SD cards that have been left
>> entirely unpowered for years and found the data to still be there,
>> certainly much longer than the "few months" you mentioned earlier.
>>
>> Theoretically, the stored charge does eventually leak off of the
>> floating gate, but EEPROMs (and flash, which is essentially the same
>> technology) are generally considered to hold data indefinitely. The
>> data retention specifications are based on "accelerated aging" tests,
>> which generally involve elevated temperature. The processes involved
>> are highly nonlinear with respect to temperature and may very easily
>> require centuries at room temperature or not occur at all without
>> elevated temperatures; we do not know because flash storage is only now
>> reaching the milestone of having existed long enough for even the oldest
>> imprints to be reaching even the "accelerated aging" estimated
>> lifespan. So far, we are not seeing catastrophic losses of data stored
>> in flash.
>>
>>
>> -- Jacob
>>
Re: Backing up your PGP key by hand [ In reply to ]
> And by reading them, they have powered up and refreshed the charge. The
> problem applies to such flash storage devices which have been left
> unpowered for longer periods of time. Again, it depends a bit on what
> the planned retention period is for the keys and their data.

A few months ago I rediscovered an old USB stick, whose existence I'd completely forgotten.
Had not touched that thing in around eight or nine years. Despite that it read just fine.
And we're not talking about some high quality premium device here. A well-known brand name, yes, but a cheap model.
I highly doubt the "flash can only store for a few months". In my personal experience flash can survive for many years.
Sure, sometimes new drives and cards can fail really quickly, but the same can be said about other media like HDDs too. If it survives the first couple months (or even weeks) then it will most likely last for years.

I still remember buying some first generation consumer SSDs back in 2010. Back then everybody was wary, saying the tech is too new and flash doesn't live long enough.
Used some of those drives in computers that ran 24/7 and the last of them was replaced when it showed signs of dying about a year ago (early 2021).
I'd say eleven years was a decent lifespan. ;)

In my opinion the longevity of flash, no matter the format, is greatly underestimated. Plus a real advantage I noticed is that many drives don't die suddenly like HDDs tend to do, instead they often die slowly giving you time to replace them.
As such I wouldn't mind at all storing my keys on a flash drive.
Also, if you have valuable data you should always store it on at least two devices that are physically separated anyway. So if one fails it shouldn't be a big deal.

(With all of that being said, I'd still be in favor of an easy way to store on paper.)

Greetings
Sven



------- Original Message -------
On Thursday, May 5th, 2022 at 7:44 AM, Lars Noodén via Gnupg-users <gnupg-users@gnupg.org> wrote:


> On 5/5/22 01:11, Jacob Bachmeyer wrote:
>
> > Lars Noodén via Gnupg-users wrote:
>
> > > A removable hard drive might be an option, if the storage time
>
> > > is less than a decade and there are decent storage conditions
>
> > > in regards to chemicals, temperature, humidity, and so on. Flash
>
> > > memory seems to lose
>
> > > its charge rather quickly, measured in months.
>
> > Write-once optical media is my preferred means of long-term backup for
>
> > nontrivial amounts of data,
>
> [snip]
>
> The number of years that the keys and the data they apply to will be
> stored unpowered, offline will influence which storage medium is
> acceptable for the task.
>
> Old CD-R were short-lived garbage from my experience, but certain models
> of recently made CD-R should last a while even under slightly
> non-optimal storage conditions before they start flipping bits.
> However, it's hard to know until it's too late. And all bets are off
> for bad storage conditions. Now that the quality has improved, under
> optimal storage conditions, they ought to retain data for decades:
>
> https://www.canada.ca/en/conservation-institute/services/conservation-preservation-publications/canadian-conservation-institute-notes/longevity-recordable-cds-dvds.html
>
> https://www.loc.gov/preservation/resources/rt/NIST_LC_OpticalDiscLongevity.pdf
>
> Whether that bit flip hits anything important is another matter, but
> they do add up over time and with enough of them they will eventually
> hit something, worse if it hit something compressed. I'm sure BtrFS or
> OpenZFS might be relevant there.
>
> Air pollution, temperature, light, and humidity are some of the factors
> affecting the lifespan of the physical storage medium.
>
> > I have SD cards and USB sticks with data blocks last written
>
> > many years ago and still readable. Granted, I have never used
>
> > low-end no-name
>
> [snip]
>
> And by reading them, they have powered up and refreshed the charge. The
> problem applies to such flash storage devices which have been left
> unpowered for longer periods of time. Again, it depends a bit on what
> the planned retention period is for the keys and their data.
>
> /Lars
>
Re: Backing up your PGP key by hand [ In reply to ]
On Tue, 03 May 2022 19:52:21 +0000 (UTC)
Matt Borja <me@mattborja.dev> wrote:

> Does exporting your private key (which already comes encrypted and requires
> password authentication) to encrypted USB flash drive then placed under
> lock and key not suffice as an offline backup?

If the USB flash drive does not fail, then yes, it would suffice.

NAND Flash memory (the sort used in USB flash drives), relies on a
static charge being placed on the gate of a MOSFET to "bias" the MOSFET
on or off.

In a perfect world, that gate is perfectly insulated and will not leak.

We don't live in such a world, there is a non-infinite resistance that
allows a leakage current, and the charge will eventually fade. How
long will that take? Who knows?

On the other hand, there are paper recordings that have lasted millennia.

Personally, I'm eyeing off the A3 pen-plotter that's at my feet right
now and wondering whether I could get it to "draw" a QR code or similar
2D barcode of a private key. Sure, it's computer-driven, but it's old
enough to not have the storage capacity to "remember" an A3 image of
a private key. Make such a program also emit G-code, and you could likely
use any el-cheapo 3D printer mechanism to cobble together such a plotter.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
...it's backed up on a tape somewhere.

Re: Backing up your PGP key by hand [ In reply to ]
Stuart Longland via Gnupg-users wrote:
> On Tue, 03 May 2022 19:52:21 +0000 (UTC)
> Matt Borja <me@mattborja.dev> wrote:
>
> > Does exporting your private key (which already comes encrypted and requires
> > password authentication) to encrypted USB flash drive then placed under
> > lock and key not suffice as an offline backup?
>
> If the USB flash drive does not fail, then yes, it would suffice.
>
> NAND Flash memory (the sort used in USB flash drives), relies on a
> static charge being placed on the gate of a MOSFET to "bias" the MOSFET
> on or off.
>
> In a perfect world, that gate is perfectly insulated and will not leak.
>
> We don't live in such a world, there is a non-infinite resistance that
> allows a leakage current, and the charge will eventually fade. How
> long will that take? Who knows?

1 of 2 electret condenser microphones (Unisound EM-850), bought ~
1976, has failed so far with me. The industry did back then expect them
to discharge eventually. They've only been used for minutes each
decade, so it wasn't over use. Domestic storage, temperate humidity &
temperature, not hot or cold warehouse, not polar or tropics, boxed,
no sunshine, no ionising radiation beyond domestic terrestrial.

https://en.wikipedia.org/wiki/Electret_microphone

Disk manufacturers' data sheets on error rates were a sobering experience
years back. Probably the same for USB sticks now.
Best copy on multiple media types from different manufacturers.

Cheers,
--
Julian Stacey http://berklix.com/jhs/ http://stolenVotes.uk
Arm Ukraine, Zap killer Putin, grain & fuel loss hits poorest.

Re: Backing up your PGP key by hand [ In reply to ]
On 2022-05-23 5:01, Stuart Longland via Gnupg-users wrote:

> On the other hand, there are paper recordings that have lasted millennia.

Since paper as we know it today doesn't even exist so long that can't be
true. Maybe you are pointing to the few surviving papyrus texts? Most
have not survived.

If you really care about such long preservation, carving the key into
stone or baking it in a clay tablet are the only known methods that can
reliably store data for so long (also because other methods don't exist
for so long).

Even if the USB stick lasts for millennia, there may not be a reader for
it around at that time.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Re: Backing up your PGP key by hand [ In reply to ]
On 25 May 2022 at 21:13, Johan Wevers via Gnupg-users wrote:
> On 2022-05-23 5:01, Stuart Longland via Gnupg-users wrote:
>
> > On the other hand, there are paper recordings that have lasted millennia.
>
> Since paper as we know it today doesn't even exist so long that can't be
> true. Maybe you are pointing to the few surviving papyrus texts? Most
> have not survived.

Paper was first made in the Chinese Empire, around two millennia ago. Sheets
made with high quality pulp survived to this day.
The process is slightly different today, and archivists also know a lot more about
what is dangerous to paper preservation.

Re: Backing up your PGP key by hand [ In reply to ]
> Since paper as we know it today doesn't even exist so long that can't
> be true. Maybe you are pointing to the few surviving papyrus texts?
> Most have not survived.

I've personally seen paper ballots from elections in the Senate of
ancient Rome. Admittedly, this was 15 years ago so I can no longer say
precisely which century they were from, but they were indeed paper and
the marks on them were still legible.

The reason why few paper texts survived to the modern day isn't that
paper isn't durable. It's because paper *IS* durable. It's a
fantastically useful material and, for most of human history, was
incredibly expensive. Rather than preserve paper, people re-used it
again and again until it just wore out. (They did the same thing with
vellum, too, which was preferred not because it stood up to repeated use
better, but because it was so much *cheaper*.)

Many Gutenberg Bibles are still in fine condition today. Of about 160
copies printed, about fifty still exist today. The paper in question is
linen, which is still used by archivists looking for long-term
preservation.

So, yeah. I'm going to be solidly on the side of "no, really, paper is
a magic technology, just be sure to talk with an archivist first to
ensure you're using the right kind of paper."

Re: Backing up your PGP key by hand [ In reply to ]
On 2022-05-25 22:22, Francesco Ariis wrote:

> Paper was first made in the Chinese Empire, around two millennia ago
I see that that was indeed considered what we call paper today, unlike
the ancient Egyptian papyrus.

> Sheets made with high quality pulp survived to this day.

Some sheets survive. I'm sure some CDR's and some USB sticks will also
survive for many centuries, but most probably won't.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Re: Backing up your PGP key by hand [ In reply to ]
On 5/26/2022 at 12:52 AM, "Robert J. Hansen via Gnupg-users" wrote:
So, yeah. I'm going to be solidly on the side of "no, really, paper is
a magic technology, just be sure to talk with an archivist first to
ensure you're using the right kind of paper."

=====

The other thing to consider is the Ink.
In Ancient and Medieval times, the ink was not standardized, and
varied in the quantity of the ingredients. All were permanent but
some were too acidic and burned through the paper. Many monastery
manuscripts centuries old are still in very good condition.

Today there are "Bulletproof" permanent inks
(not resistant to real bullets, but resistant to water, alcohol,
bleach, soap, and known solvents.)
https://www.jetpens.com/blog/Noodler-s-Fountain-Pen-Inks-A-Comprehensive-Guide/pt/902#bulletproof

The Noodler Eternal inks are available in a larger variety of
permanent colors, and are all fountain pen safe.

https://noodlersink.com/product/19208-eternal-polar-blue/

Vedaal
Re: Backing up your PGP key by hand [ In reply to ]
>
> If you really care about such long preservation, carving the key into
> stone or baking it in a clay tablet are the only known methods that can
> reliably store data for so long (also because other methods don't exist
> for so long).


I'm also curious about a couple options I don't think I've seen mentioned
as of yet:

- What about using a laminator in conjunction with the paper hard copy
in the interest of longevity; and perhaps one of these all-weather Plano
cases (or perhaps cheaper/simpler: some ABS/PVC encasing)?
- If we somehow trust the currently available cryptography systems used
to protect our financial assets (i.e. TLS to encrypt your *connection* to
your bank website, etc.) and identity and tax information (i.e. bank
account information, social security, AGI, PII, business, etc.), could the
same also not be trusted to: 1) encrypt your private key and enable you to
2) store said encrypted private key to a redundant medium like a
cloud-based vault (multiple)?
- Related to this approach: Is the passphrase on a private key not
sufficient encryption strength to store the private key in a secure cloud
vault for archival purposes; or could it not be paired with a second factor
to derive the same archival benefit?

Seems to me that achieving indefinite longevity could be more readily done
on a computer system that makes it easy to *replicate* bytes on disk; if
some encryption system trustworthy enough exists and could be used
to protect said bytes before replication.
Re: Backing up your PGP key by hand [ In reply to ]
On Mon, 30 May 2022 19:52, Matt Borja said:

> - Related to this approach: Is the passphrase on a private key not
> sufficient encryption strength to store the private key in a secure cloud
> vault for archival purposes; or could it not be paired with a

The currently used protection of private keys as specified by OpenPGP
allows attacking the key iff the attacker has a way to modify the
protected key in transport.

This is not the old Klima/Rosa attack but a new attack which takes
advantage of the fact that the public key parts are not bound to the
encrypted private parts of the key. Thus the suggestion is to not rely
on the OpenPGP private key protection but to convey those private keys
with an additional OpenPGP encryption layer.

Note that the internal format used by GnuPG to store the private keys is
not affected by this attack. This is because the public key parts in
the files below private-keys-v1.d are included in the authenticated
encryption of the private parts as additional data
(openpgp-s2k3-sha1-aes-cbc and openpgp-s2k3-ocb-aes schemes).

Always take care when conveying private keys.


Salam-Shalom,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
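An added illustration of the binding Werner describes, not GnuPG's code and not OpenPGP's actual packet formats: a toy passphrase-protected key in two wrappings, one where only the encrypted private parts carry an integrity check, and one where the public parts enter the authenticated encryption as additional data, so a modification in transport makes the unlock fail. Assumptions: a SHA-256 keystream stands in for AES, PBKDF2 stands in for S2K, encrypt-then-MAC stands in for OCB, and all key material is constructed.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed sample key material (not a real key): the public parameters
# travel in the clear, the private parameters are what the passphrase protects.
SAMPLE_PUB = {"algo": "rsa", "e": 65537, "n": "00c0ffee" * 8}
SAMPLE_PRIV = b"constructed-private-parameters-d-p-q-u"
SAMPLE_PASSPHRASE = "correct horse"

def _derive(passphrase: str, salt: bytes) -> tuple:
    """S2K stand-in: PBKDF2 instead of OpenPGP's iterated+salted S2K,
    split into separate encryption and MAC keys."""
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000)
    return hashlib.sha256(k + b"enc").digest(), hashlib.sha256(k + b"mac").digest()

def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (SHA-256 in counter mode) standing in for AES."""
    out, ctr = b"", 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

def protect_unbound(pub: dict, priv: bytes, passphrase: str) -> dict:
    """Legacy-style wrapping: the integrity check (a SHA-1 inside the
    encrypted blob, as in openpgp-s2k3-sha1-aes-cbc) covers the private
    parts only; the public parts are not bound to them."""
    salt, nonce = os.urandom(8), os.urandom(12)
    ek, _ = _derive(passphrase, salt)
    plain = priv + hashlib.sha1(priv).digest()
    return {"pub": pub, "salt": salt.hex(), "nonce": nonce.hex(),
            "enc": _stream(ek, nonce, plain).hex()}

def unlock_unbound(blob: dict, passphrase: str) -> Optional[bytes]:
    ek, _ = _derive(passphrase, bytes.fromhex(blob["salt"]))
    plain = _stream(ek, bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["enc"]))
    priv, digest = plain[:-20], plain[-20:]
    ok = hmac.compare_digest(digest, hashlib.sha1(priv).digest())
    return priv if ok else None  # swapped public parts go unnoticed here

def protect_bound(pub: dict, priv: bytes, passphrase: str) -> dict:
    """GnuPG-style wrapping: the public parts enter the tag as associated
    data (encrypt-then-MAC here, standing in for the OCB scheme)."""
    salt, nonce = os.urandom(8), os.urandom(12)
    ek, mk = _derive(passphrase, salt)
    enc = _stream(ek, nonce, priv)
    aad = json.dumps(pub, sort_keys=True).encode()
    tag = hmac.new(mk, aad + nonce + enc, "sha256").digest()
    return {"pub": pub, "salt": salt.hex(), "nonce": nonce.hex(),
            "enc": enc.hex(), "tag": tag.hex()}

def unlock_bound(blob: dict, passphrase: str) -> Optional[bytes]:
    ek, mk = _derive(passphrase, bytes.fromhex(blob["salt"]))
    nonce, enc = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["enc"])
    aad = json.dumps(blob["pub"], sort_keys=True).encode()
    expected = hmac.new(mk, aad + nonce + enc, "sha256").digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        return None  # any change to the public parts (or enc) is rejected
    return _stream(ek, nonce, enc)

def tamper_on_transport(blob: dict) -> dict:
    """Model of the transport modification Werner mentions: the public
    parameters are replaced, the encrypted private part is left untouched."""
    return dict(blob, pub=dict(blob["pub"], n="deadbeef" * 8))

def survives_tampering(protect, unlock) -> bool:
    """True if the key still unlocks after its public parts were swapped."""
    blob = tamper_on_transport(protect(SAMPLE_PUB, SAMPLE_PRIV, SAMPLE_PASSPHRASE))
    return unlock(blob, SAMPLE_PASSPHRASE) == SAMPLE_PRIV
```

`survives_tampering(protect_unbound, unlock_unbound)` is True (the recipient unlocks the real private parts next to forged public ones without noticing), while `survives_tampering(protect_bound, unlock_bound)` is False, which is the property the private-keys-v1.d format gets from its additional data.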