Announcing paperbackup.py to backup keys as QR codes on paper
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Feb 22 05:25:44 CET 2017
-----BEGIN PGP SIGNED MESSAGE-----
On Tue 2017-02-21 09:34:17 -0500, Gerd v. Egidy wrote:
> I'd like to announce a program I wrote to backup GnuPG and SSH keys as
> qrcodes on paper:
> This is designed as fallback if all your regular backups failed to restore or
> were lost.
> Usage is like this:
> gpg2 --armor --export "User Name" >key.asc
> gpg2 --armor --export-secret-key "User Name" >>key.asc
> paperbackup.py key.asc
> paperrestore.sh key.asc.pdf | diff key.asc -
> lpr key.asc.pdf
this is a cool idea. however, it seems like you might be backing up
more than most people would need. For most folks, their OpenPGP
certificates (public keys) are stored on the public keyservers. Or at
least their friends have a copy of them :)
Even if you want the whole certificate, you've duplicated most of the
material here -- just the data produced by --export-secret-key should be
sufficient to reconstruct everything. Probably, putting less data in
your qrcode backup will make the backup more robust during recovery..
So for most folks, the critical backup that they need is likely to be
only the secret key material itself, since the public key material and
signatures and the like can all be retrieved from from the keyserver
network or from friends.
Are you aware of David Shaw's paperkey?
This produces significantly less data (still in text form, though), so
it could be combined with your approach to have a nice big, robust,
scannable recovery mechanism.
thanks for publishing your work!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users