Unusual way of backing up sensitive data

Over the weekend I was in a backup mood, so I decided to start backing up everything on my local computers. First of all, I started with sensitive data (which I call the vault), namely:

  • credentials for local and remote machines
  • SSH keys (and associated passphrases)
  • Hard Disk encryption keys
  • Wi-Fi passwords
  • PGP keys (and associated passphrases)
  • PINs
  • Credit Card numbers

I usually put every item on this list on an external drive, which is then copied as an offsite backup to a remote location (sorry, no cloud); and I usually store passphrases on a different drive than the ones which contain keys.

As a shower thought, I thought: “Why not have a copy of all that data in paper format?” A downside of this approach is that the data is in plain text and accessible to anyone who has a look at that paper.

Given that I recall my PGP private key passphrase very well (and it’s long enough) and the key is stored in a very secure location, I decided to:

  1. Dump all the raw data of the vault in a text file
  2. Encrypt it with my public key
  3. Print the resulting ASCII file (which resulted in roughly eight A4 pages of text). I used Consolas font, size 8.

If I ever have to access that file, I will need to:

  1. Scan the 8 pages and OCR all data, hoping all characters are decoded correctly
  2. Retrieve my PGP private key and passphrase
  3. Decrypt it

Yes, it’s an emergency last resort. What do you think of this approach?
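
The recovery steps above depend on OCR reproducing every character of the armored text. As an added example (not part of the original post), this Python sketch numbers each line of the ASCII file and appends a CRC-32 before printing, so a scan can be checked line by line and only the flagged lines need manual correction. The function names, the line layout and the sample text are assumptions made for this illustration; the sample is constructed, not real ciphertext.

```python
import zlib

# Constructed sample shaped like ASCII armor; it is not real ciphertext.
SAMPLE = (
    "-----BEGIN PGP MESSAGE-----\n"
    "\n"
    "hQEMA0CONSTRUCTEDsampleNOTrealCIPHERTEXT0O1lI5S8B2Z0O1lI5S8B2Zab\n"
    "cdEFghIJklMNopQRstUVwxYZ0123456789+/ABCDEFGHIJKLMNOPQRSTUVWXYZab\n"
    "=AbCd\n"
    "-----END PGP MESSAGE-----\n"
)

def _tag(num: int, body: str) -> str:
    # CRC-32 over "number:content", so a misplaced line fails as well.
    # This catches OCR mistakes; it is not protection against tampering.
    return f"{zlib.crc32(f'{num}:{body}'.encode()):08X}"

def protect(armored: str) -> str:
    """Turn each line into '<number> <content> <crc32>' before printing."""
    rows = [f"{num:04d} {body} {_tag(num, body)}"
            for num, body in enumerate(armored.splitlines(), start=1)]
    return "\n".join(rows) + "\n"

def verify(scanned: str):
    """Return (recovered armored text, line numbers that need a manual check)."""
    bodies, bad = [], []
    # Protected lines are never empty, so blank lines added by OCR are dropped.
    rows = [row.strip() for row in scanned.splitlines() if row.strip()]
    for pos, row in enumerate(rows, start=1):
        try:
            num_s, rest = row.split(" ", 1)
            body, tag = rest.rsplit(" ", 1)
            ok = int(num_s) == pos and _tag(pos, body) == tag.upper()
        except ValueError:  # layout or line number destroyed by OCR
            body, ok = row, False
        bodies.append(body)
        if not ok:
            bad.append(pos)
    return "\n".join(bodies) + "\n", bad

if __name__ == "__main__":
    printed = protect(SAMPLE)
    print(printed, end="")
    rows = printed.splitlines()
    rows[3] = rows[3].replace("O", "0", 1)  # simulate one OCR confusion
    print("lines to re-check:", verify("\n".join(rows))[1])
```

A line is also flagged when OCR damages only its number or checksum, so every flagged line still has to be compared with the paper by eye.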
