Account Recovery Issues - Wish To Use Decrypted Keys

I am “sort of” doing the same thing, by just using a local encrypted zip (AES-256) with a password I know, for restoring the keys. The point that I’m trying to make is that I need to keep these user keys passphrase-less to get around the issue of users forgetting their passphrases. Right now, I have to go to the effort of importing the file into gpg, running passwd to remove the passphrase (requiring me to get it from the user, rather than the user giving me the passphrase-less key), and then storing the keys in the encrypted zip. I then have to go through the process in reverse in order to add a passphrase if I wish to recover.

It would be a lot simpler for me if the system could be configured to work with passphrase-less keys, e.g. when the user is given the backup key, and when the key is imported into the system again. By all means put a warning in there, and have this not be the default setting, but I would prefer to rely on my capability to keep the keys safe as an administrator, rather than relying on users remembering passwords/passphrases.

I think I found the escrow post. That would work nicely, as long as the admin key is encrypting a passphrase-less version of the user key, rather than re-encrypting an already encrypted key. The latter would not resolve users forgetting their passphrases. This has already been pointed out in the comments.