Key safety vs Backup : History of a bad day (key-restoration problem)

David Shaw dshaw at
Fri Nov 2 03:11:18 CET 2007

On Wed, Oct 31, 2007 at 04:59:29PM +0930, Roscoe wrote:
> Not answering your questions but two handy tools I like :)
> A while ago we had a big discussion regarding printing out keys for backup,
> which (I think) prompted David Shaw to write a following small program to
> assist those wanting to do so, here's part of the description of that program:
> "Due to metadata and redundancy, OpenPGP secret keys are significantly
> larger than just the "secret bits".  In fact, the secret key contains
> a complete copy of the public key.  Since the public key generally
> doesn't need to be escrowed (most people have many copies of it on
> various keyservers, web pages, etc), only extracting the secret parts
> can be a real advantage.
>  Paperkey extracts just those secret bytes and prints them.  To
> reconstruct, you re-enter those bytes (whether by hand or via OCR) and
> paperkey can use them to transform your existing public key into a
> secret key."
> --

I've actually been rather surprised with the number of downloads of
paperkey.  I expected it to be in the tens, but there have been
several hundred downloads.

> (I think splitting a password into a few shares and distributing them
> in suitable places is a sane way of writing down passwords. Other
> people may disagree.)

Is secret sharing a feature that people would want in paperkey?  You'd
be able to print out a number of pages, and pick some threshold number
of pages that would be needed to reconstruct the key.

I consider paperkey as the "backup of last resort", and it occurs to
me that the ability to stash different printed backups in multiple
places is useful, in case there is fading/damage to a printout as
happened to the poor fellow who started this thread.  That said, I am
not completely convinced that it is better to use multiple
secret-shared printouts rather than just multiple copies of the same
printout.  Does anyone see a good use case (aside from the cool-trick
factor) to using secret sharing in paperkey?


More information about the Gnupg-users mailing list