in, not merely a short password.
As long as you can remember it.
This is standard... MIT's Kerberos and Phil Zimmermann's PGP
use a password to unlock the cryptographic key.
So, how do you back up the key without GAK?
In other words, what do all companies do for this situation now?
A situation that applies to all company data whether or not it is encrypted.
A situation that has existed since the invention of the computer.
You back it up.
Make backups of the key.
You can start by making your own copy of the key and keeping it in secure off-site backup storage.
Several authorized people can have a copy of the key, and they
can each use their own password to get access to the key.
The key is backed up not only by being on several different
machines, it is also backed up in the off-line backups for
these machines. After JUST ONE WEEK, you'll have 24 total
copies of the key (3 + 3*7). After the first month: 214 copies.
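As an added illustration of the scheme above (example code, not part of the original post and not PGP's or Kerberos's format): one secret key, with a separately wrapped copy for each authorized person, each copy unlockable only with that person's own passphrase. It uses only the Python standard library, so scrypt does the passphrase stretching and HMAC-SHA256 serves both as a keystream generator and as the integrity tag; the passphrases and key bytes are constructed sample values.

```python
# Added example: several authorized people, each holding a copy of one key
# wrapped under their own passphrase (stdlib-only construction, not PGP's).
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

def _derive(passphrase: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    # scrypt stretches the passphrase; first 32 bytes encrypt, last 32 authenticate.
    km = hashlib.scrypt(passphrase, salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode as a simple keystream generator.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap_key(secret_key: bytes, passphrase: bytes) -> bytes:
    # Fresh salt and nonce per copy, so two people's copies never share keystream.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret_key, _keystream(enc_key, nonce, len(secret_key))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return salt + nonce + ct + tag

def unwrap_key(blob: bytes, passphrase: bytes) -> Optional[bytes]:
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong passphrase, or the backup copy was altered
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def make_copies(secret_key: bytes, passphrases: Dict[str, bytes]) -> Dict[str, bytes]:
    # One independently wrapped copy per authorized person; any one unlocks the key.
    return {who: wrap_key(secret_key, pw) for who, pw in passphrases.items()}

if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key
    copies = make_copies(key, {"alice": b"alice's long passphrase", "bob": b"bob's long passphrase"})
    assert unwrap_key(copies["alice"], b"alice's long passphrase") == key
    assert unwrap_key(copies["bob"], b"alice's long passphrase") is None
    print("each wrapped copy opens only with its owner's passphrase")
```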
The government somehow thinks you'll clamor for THEM to back up your key
by giving them a cop