Key safety vs Backup : History of a bad day (key-restoration problem)

Roscoe eocsor at
Wed Oct 31 08:29:29 CET 2007

Not answering your questions but two handy tools I like :)

A while ago we had a big discussion regarding printing out keys for backup,
which (I think) prompted David Shaw to write the following small program to
assist those wanting to do so. Here's part of the description of that program:

"Due to metadata and redundancy, OpenPGP secret keys are significantly
larger than just the "secret bits".  In fact, the secret key contains
a complete copy of the public key.  Since the public key generally
doesn't need to be escrowed (most people have many copies of it on
various keyservers, web pages, etc), only extracting the secret parts
can be a real advantage.

 Paperkey extracts just those secret bytes and prints them.  To
reconstruct, you re-enter those bytes (whether by hand or via OCR) and
paperkey can use them to transform your existing public key into a
secret key."


The author of seccure [ECC implementation mentioned recently on this
list] also wrote an implementation of Shamir's secret sharing scheme
named ssss, which is quite easy to use and maybe a good idea for those
wanting to keep some paper record of their password for when their
memory fails them.

(I think splitting a password into a few shares and distributing them
in suitable places is a sane way of writing down passwords. Other
people may disagree.)

BW laser printers are pretty cheap now :)

-- Roscoe

On 10/28/07, Nicolas Pillot <nicolas.pillot at> wrote:
> [ Disclaimer ]
> This post is at the same time a real-life story, and a request for ideas.
> I hope the tone of it won't be too boring, and well, if you're impatient,
> just skip to the end ! (namely [ Enter the questions ])
> [ Intro ]
> Good evening to all of you. This is my first post on this list, so
> don't hesitate if it's the wrong place to ask for what i'll discuss
> here. I hope i've hit the most general list, as my question isn't
> exactly linked to gnupg, though it has been my tool of choice for some
> years now.
> I come tonight, because, as you could guess, i have a "small" problem.
> "Small" in that it's not über-vital, but problematic enough for me to be
> open for any kind of solution, whatever it might be. Let me explain my
> situation and questions, for if you could give any hint, it'll make my
> day.
> Ages back, i installed some linux distribution. Later on, i heard
> about public key encryption schemes. Enters gnupg, which generated my
> very first pair of keys, on 24th april 2001. As all newbies are
> tempted to, i had it to never expire, and published it on a keyserver.
> I have been using it ever since, without any trouble, until this
> god-forgotten 21st october 2007. A bloody sunday, as the song says. On
> that very day, my hard drive gave an unexpected error and died a
> horrible death. All in all, not a surprise, as it was quite old.
> data-wise, it was no big trouble as my data are carefully backed up.
> The day after, i bought two new drives, set them as raid (this is my
> first raid setup) and installed a new system, restored my data.
> Everything was almost perfect.
> [ Back to the problem ]
> Even though my "normal" data are backed up twice (once on a distant
> server, and once on removable media), the "immensely
> valuable/sensitive/priceless/unique" data (ie, my key) is not backed
> up on the same scheme. Instead, when i created the key pair, i
> immediately generated a revocation certificate. I then exported the
> private and public keys, along with fingerprint, in an ascii file. I
> stored the .gnupg folder, the revocation certificate, and the exported
> ascii versions on a brand new, dedicated, whopping 32MB usb stick. I
> printed the revocation certificate and put it in an archive box by my
> grandmother (separate building 450km away), and stored the USB stick
> in a box on a shelf in my basement. You might call me paranoid, but i
> just did so to avoid the potential trouble some people were having on
> the forum. It was an effortless process at that time, and i thought
> i'd be safe. On 5th may 2002, about one year later, i lost my hard
> drive due to a corrupted FAT and started to panic until i remembered
> the usb-stick, which gave me my keys back after a system re-install.
> I was happy i did a backup.
> So, this monday, 23rd oct, i walked confidently down to the basement,
> opened the box, picked the stick, and walked back to the pc, almost
> whistling. I mounted it, read-only, or, well.... tried to mount it.
> After a big *shrug*, i realized it wouldn't mount whatever i tried to
> do. I tried on a windows laptop, and went to a friend's place to see
> if his OSX had better chance to access my data. Nothing helped. My
> .gnupg folder and ascii keys are unavailable. And as such, my
> encrypted data seems to be lost.
> After a while, i realized there were not many solutions, and the only
> thing i could do to get things done in any kind of right way was to
> get my hands back on the revocation certificate. It might even be a
> good reason to drive all the way and pay a visit to my grand'ma, after
> all. That's what i did today. She was happy to see me, and in good
> shape, but it's out of topic. After a while, i climbed in the attic,
> where the family treasures lie, and among them, the so-sought
> revocation certificate. I opened the archive box, searched various
> papers, and found it. Then cursed myself.
> The paper was starting to turn yellowish on the edges, and the (black)
> ink had turned dim, even gray in some areas, and well, the document
> wasn't in outstanding shape. And though most of it was perfectly
> readable, there are some small parts, which are quite blurred (due to
> humidity ?) and well, i suddenly wondered if there was any curse
> hanging over my head. I made a mental note : don't ever, ever, ever
> print something important on a cheap bubble-jet printer using discount
> ink cartridge. Either do that and then xerox it, or print it on a
> laser printer. Using large font-size, and finally, don't use
> "Courier" as i did even if you initially thought it'd be ok.
> Because now, i'm stuck with a bunch of c/o, I/1, 0/O, and even some
> h/b i can't for the love of god figure out who is who. After careful
> reading, and although it's very short, i have exactly 8-9 characters i
> can't read at all, as the others can be guessed. Had i printed it via
> something like "DejaVu sans mono", where small L and ones look
> different, and where zeros have an inside center dot, well, the task
> would've been easy. Or i could have printed it twice, or even five
> times on the same sheet using different fonts !
> Here comes the Sad-result-of-a-cursed-day :
> - i have lost the digital versions of my .gnupg, ascii pub/priv keys
> due to a failing usb stick which hadn't been used for 5+ years.
> - this means i have lost all my encrypted data (mainly accounting
> information, real-life & web password database, and some old
> work-related documents important enough to keep a personal encrypted
> version at home).
> - i have a partial printed revocation certificate with 8 unreadable
> characters, which means i can't disable the published key.
> - this means, furthermore, that even if there are only few people who
> were using my public key, they could still use it to encrypt, even if
> it's quite useless.
> - It seems like i offered the world another confusing key which would
> never expire. Hurray !
> If i'm wrong on any of these 5 points, don't hesitate to say so !
> Even if the double failure is quite irritating, i can do nothing but
> accept murphy's law.
> But i'm not here to cry, however tempting it might be ;)
> After all this, i created a new pair of keys, expiring in 1 year, for
> which i'll change the expiration regularly. I made a revocation
> certificate, i backed everything up in 3 different places/medium, and
> printed it 3 times. paranoid, eh ? Now, i just wait to see if i could
> get some answers to the questions below before publishing the new
> public key.
> [ Enter the questions ]
> Q1: I have the public key (0x26A2F0AE if it's of any use), i know the
> secret key passphrase perfectly. Is there any way i could re-compute /
> restore / whatever the secret part using this information ? I browsed
> the list up to feb 2006, and didn't find any "Lost private key with
> known passphrase"-like post. So i guess it's not possible.
> Q2: To try and make things straight, i would like to at least revoke
> the key. The 8 characters cannot be guessed at any price, as they are
> completely blurred. This means there are theoretically 64^8 possible
> combinations. If i import only the public key into my keyring, and
> then brute-force change the 8 unknown bytes in the certificate, and
> each time try to import it, gpg will tell me "read error: invalid
> keyring" a zillion times, but in the end it'll find the good one. My
> question is : can a revocation certificate be applied into the keyring
> if you only have the public key. I guess so, as the keyservers only
> have the public key.
> Note that while the answer to Q1 is of immense value, Q2 is only a
> ground for a "practical exercise", which might be undertaken to make
> things clean, as my data is lost forever.
> [ Conclusion ]
> This post might be long, but i wanted to share my feelings and
> thoughts with the community, namely these points :
> - You have to balance the amount of key backups vs the security of the
> given backup locations
> - Always make a revocation certificate. Back it up using the same
> scheme as for keys.
> - Additionally, print all the invaluable data (private keys,
> certificate). Using different fonts. Using laser/xerox. Even make a
> non-digital (optical/film) photograph of it. These last decades ;)
> - ... Pray.
> - And remember that even if it looks like you're overly-safe,
> everything might fail. And will.
> Thanks for reading, i wish you all good night.
> --
> Nicolas Pillot (nicolas.pillot at
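On Q2 in the quoted message: an ASCII-armored OpenPGP block ends with a CRC-24 checksum line (RFC 4880, section 6.1), so fill-ins for unreadable base64 characters can be screened offline before any candidate is handed to gpg. The following is an added example, not part of the original thread; the `?` marker, the function names and the sample bytes are assumptions constructed for illustration, and it assumes the checksum line itself is still legible.

```python
import base64
from itertools import product

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Constructed stand-in for the binary packet inside the armor (not a real certificate).
SAMPLE_PACKET = bytes(range(0x40, 0x40 + 30))


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE                      # initial value
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB        # generator polynomial
    return crc & 0xFFFFFF


def armor_checksum(data: bytes) -> str:
    """The '=XXXX' line printed after the base64 body of an armored block."""
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()


def recover(body: str, checksum: str, unknown: str = "?"):
    """Return every fill-in of the `unknown` marks whose CRC-24 matches."""
    holes = [i for i, ch in enumerate(body) if ch == unknown]
    want = int.from_bytes(base64.b64decode(checksum[1:]), "big")
    chars, hits = list(body), []
    for guess in product(B64, repeat=len(holes)):
        for pos, ch in zip(holes, guess):
            chars[pos] = ch
        candidate = "".join(chars)
        if crc24(base64.b64decode(candidate)) == want:
            hits.append(candidate)
    return hits


def demo():
    body = base64.b64encode(SAMPLE_PACKET).decode()    # 40 characters, no padding
    damaged = body[:17] + "??" + body[19:]             # two unreadable characters
    return body, recover(damaged, armor_checksum(SAMPLE_PACKET))


if __name__ == "__main__":
    original, candidates = demo()
    print(candidates == [original], candidates)
```

With 8 unreadable characters scattered through the body (64^8 = 2^48 fill-ins), a 24-bit checksum still lets on the order of 2^24 wrong candidates through, so each survivor would then need its signature verified against the public key.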
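Roscoe's suggestion of splitting a password into a few shares kept in different places can be illustrated with a small threshold scheme. This is an added example, not part of the original thread and not the ssss tool's code; the prime field, the function names and the sample passphrase are assumptions chosen for illustration.

```python
import secrets

# Assumption for this sketch: arithmetic modulo the Mersenne prime 2^521 - 1,
# which leaves room for secrets of up to 65 bytes.
PRIME = 2**521 - 1


def split(secret: bytes, threshold: int, shares: int):
    """Split `secret` into `shares` points; any `threshold` of them rebuild it."""
    value = int.from_bytes(secret, "big")
    if value >= PRIME or not 1 < threshold <= shares:
        raise ValueError("secret too long or bad threshold/share count")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [value] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):          # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, evaluate(x)) for x in range(1, shares + 1)]


def combine(points):
    """Lagrange interpolation at x = 0; needs at least `threshold` points."""
    secret = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * -xm % PRIME
                den = den * (xj - xm) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    # Leading zero bytes are not preserved; fine for text passphrases.
    return secret.to_bytes((secret.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    passphrase = b"correct horse battery staple"   # constructed sample
    parts = split(passphrase, threshold=3, shares=5)
    print(combine(parts[1:4]) == passphrase)        # any 3 shares suffice
    print(combine(parts[:2]) == passphrase)         # 2 shares do not
```

Each share would be printed or stored separately; losing up to two of the five still leaves the passphrase recoverable, while fewer than three shares reveal nothing about it.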