Announcing paperbackup.py to backup keys as QR codes on paper

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Feb 22 05:25:44 CET 2017


Hi Gerd--

On Tue 2017-02-21 09:34:17 -0500, Gerd v. Egidy wrote:
> I'd like to announce a program I wrote to back up GnuPG and SSH keys as
> qrcodes on paper:
>
> paperbackup.py 
> https://github.com/intra2net/paperbackup
>
> This is designed as a fallback if all your regular backups failed to restore or
> were lost.
>
> Usage is like this:
>
> gpg2 --armor --export "User Name" >key.asc
> gpg2 --armor --export-secret-key "User Name" >>key.asc
> paperbackup.py key.asc
> paperrestore.sh key.asc.pdf | diff key.asc -
> lpr key.asc.pdf

This is a cool idea.  However, it seems like you might be backing up
more than most people would need.  For most folks, their OpenPGP
certificates (public keys) are stored on the public keyservers.  Or at
least their friends have a copy of them :)

Even if you want the whole certificate, you've duplicated most of the
material here -- just the data produced by --export-secret-key should be
sufficient to reconstruct everything.  Probably, putting less data in
your qrcode backup will make the backup more robust during recovery.

So for most folks, the critical backup that they need is likely to be
only the secret key material itself, since the public key material and
signatures and the like can all be retrieved from the keyserver
network or from friends.

Are you aware of David Shaw's paperkey?

  http://www.jabberwocky.com/software/paperkey/

This produces significantly less data (still in text form, though), so
it could be combined with your approach to have a nice big, robust,
scannable recovery mechanism.

Thanks for publishing your work!

          --dkg
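
Added example, not part of the original message and not code from paperbackup or paperkey: to see how much of a key export is user IDs and signatures rather than secret-key packets, this Python example walks the RFC 4880 packet headers of a binary export and tallies bytes per packet type. The names `packets`, `tally`, `old_packet`, `LAYOUT` and `SAMPLE` are assumptions made for the example, and the sample sizes are constructed.

```python
from collections import Counter

# Packet tags from RFC 4880 section 4.3 (only those that occur in key exports).
TAGS = {2: "signature", 5: "secret-key", 6: "public-key", 7: "secret-subkey",
        13: "user-id", 14: "public-subkey", 17: "user-attribute"}

def packets(data):
    """Yield (packet_type, total_bytes) for each packet in binary OpenPGP data."""
    i = 0
    while i < len(data):
        start, first = i, data[i]
        if not first & 0x80:
            raise ValueError(f"no packet header at offset {i}")
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[i + 1]
            if o1 < 192:
                length, i = o1, i + 2
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            n = 1 << ltype                     # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError(f"truncated packet at offset {start}")
        i += length
        yield TAGS.get(tag, f"tag-{tag}"), i - start

def tally(data):
    """Return (bytes per packet type, fraction of data in secret-key packets)."""
    sizes = Counter()
    for name, size in packets(data):
        sizes[name] += size
    secret = sizes["secret-key"] + sizes["secret-subkey"]
    return dict(sizes), secret / len(data)

# Constructed sample: old-format packets, made-up sizes, zero filler instead of key data.
def old_packet(tag, body):
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

LAYOUT = [(5, 1000), (13, 30), (2, 560), (7, 1000), (2, 540)]
SAMPLE = b"".join(old_packet(tag, bytes(size)) for tag, size in LAYOUT)
```

`tally()` expects binary input, that is, `--export-secret-key` output without `--armor`. Secret-key packets also carry a copy of the public key fields, so the fraction it returns is an upper bound on the strictly secret bytes, which is the part paperkey extracts.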