For years I have been keeping a small font printout of my important SSH and GPG private keys hidden and locked away for safe-keeping. I have lost enough floppies, CDs, and DVDs to bit rot, so I do not have much trust in them for the long-term storage of something this important.
The hard copies are nice, but I sure don't want to have to manually type in an error-free copy of my private keys. That is why I now print two copies of each of my keys. One copy is text, the other copy is a QR Code.
QR Codes are popping up all over the place lately. Some of the websites hosting Android software that I use have QR Code images on them, so you can just snap a picture of the code with your smart phone and be taken straight to the website. This one will bring you to this blog:
An alphanumeric QR Code can contain up to 4,296 characters. This was plenty for my SSH and GPG private keys.
Where Should I Store My Backup Keys?
That would depend on your level of paranoia. You could store them in your safe deposit box at your bank, in a safe at home, under your mattress, or you could bury it in your back yard.
Why Bother Storing a Hard Copy of your Keys?
I am mostly worried about losing my GPG private key. I have gigabytes upon gigabytes of backups and important data encrypted with my key. Completely losing that key would turn all that data into useless bits.
Losing my SSH key(s) wouldn't have nearly as much impact. There would just be a few hosts that I would have trouble logging into. The extra effort to print the SSH key along with the GPG is minimal, though.