Amanda-Users

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 11:26:31
Subject: Re: new feature: client-side, server-side encryption dumptype option
From: Greg Troxel <gdt AT ir.bbn DOT com>
To: Brian Cuttler <brian AT wadsworth DOT org>
Date: 29 Dec 2005 11:17:02 -0500
  I also know that protecting the keyring is of paramount importance
  in a security situation. All I could suggest is an unencrypted copy
  of the root/critical systems with updated keyring and archived and
  stored in a physically high security area. For that matter I think
  any mission/critical or rapid recovery system should have this anyway.

Sure, but depending on one's threat model this is precisely the data
that needs to be encrypted in transport.

My last emergency (total hard drive failure in tape drive system), I
did a fresh install and then used dd to read the whole tape to disk
(streaming, and read bits on first pass).  This is almost just like
'amrestore -c /dev/nrst0', and having that would have been easier.

-- 
        Greg Troxel <gdt AT ir.bbn DOT com>