Paperkey - an OpenPGP key archiver

by David Shaw

Download

For POSIX (Linux, Unix, *BSD, etc):
paperkey-1.6.tar.gz
paperkey-1.6.tar.gz.sig (OpenPGP signature from my key 0x99242560)

Win32 precompiled binary:
paperkey-1.6-win32.zip
paperkey-1.6-win32.zip.sig (OpenPGP signature from my key 0x99242560)

Paper? Seriously?

What paperkey does

Paperkey extracts just those secret bytes and prints them. To reconstruct, you re-enter those bytes (whether by hand, OCR, QR code, or the like) and paperkey can use them to transform your existing public key into a secret key.

For example, the regular DSA+Elgamal secret key I just tested comes out to 1281 bytes. The secret parts of that key (plus some minor packet structure) come to only 149 bytes. It's a lot easier to re-enter 149 bytes correctly.

Different key algorithms will benefit to a different degree from this size reduction. In general, DSA or Elgamal keys benefit the most, shrinking to around 10% of the original key size, and RSA keys benefit the least, only shrinking to about 50% of the original key size. ECC keys are in between, shrinking to around 20-25% of the original, but of course, ECC keys are quite small to begin with, and 25% of a small number can compare well to 10% of a larger number.
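The split described above can be seen on a single key packet. The script below is an added illustration, not paperkey's code, and it does not reproduce paperkey's on-paper output format: it parses a version 4 OpenPGP secret-key packet body (RFC 4880 sections 5.5.2, 5.5.3 and 12.2), cuts it where the public fields end, computes the v4 fingerprint that identifies which public key the secret tail belongs to, and puts the two halves back together while checking the 16-bit secret-material checksum. The RSA key it builds is constructed from two Mersenne primes purely so the script runs offline; it is far too small to be secure. The public-MPI count table also covers DSA and Elgamal key packets, which the page's size figures refer to, though only an RSA packet is built here. Packet headers, user IDs, signatures and subkeys, which make up the rest of a key file and account for the page's whole-key ratios, are left out.

```python
"""Split a v4 OpenPGP secret-key packet body into its public part and the
small secret tail, then rebuild it.  Added example, not paperkey's code.
The RSA key is a constructed toy (two Mersenne primes), not a real key."""

import hashlib
import struct

RSA_ALGO = 1
# Number of public MPIs per algorithm (RFC 4880 5.5.2):
# RSA: n, e   Elgamal: p, g, y   DSA: p, q, g, y
PUBLIC_MPI_COUNT = {1: 2, 16: 3, 17: 4}


def mpi(n: int) -> bytes:
    """Encode n as an OpenPGP MPI: 2-byte bit length, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def read_mpi(buf: bytes, off: int):
    """Decode the MPI at buf[off]; return (value, offset just past it)."""
    bits = struct.unpack_from(">H", buf, off)[0]
    end = off + 2 + (bits + 7) // 8
    return int.from_bytes(buf[off + 2:end], "big"), end


def build_secret_key_body(created: int, n, e, d, p, q, u) -> bytes:
    """v4 RSA secret-key packet body, unencrypted (S2K usage octet 0)."""
    public = bytes([4]) + struct.pack(">I", created) + bytes([RSA_ALGO]) + mpi(n) + mpi(e)
    secret_mpis = mpi(d) + mpi(p) + mpi(q) + mpi(u)
    checksum = sum(secret_mpis) & 0xFFFF  # 16-bit sum of the secret octets
    return public + b"\x00" + secret_mpis + struct.pack(">H", checksum)


def public_length(body: bytes) -> int:
    """Offset where the public fields end and the secret material begins."""
    if body[0] != 4:
        raise ValueError("only v4 key packets are handled")
    algo = body[5]
    off = 6  # version(1) + creation time(4) + algorithm(1)
    for _ in range(PUBLIC_MPI_COUNT[algo]):
        _, off = read_mpi(body, off)
    return off


def split(body: bytes):
    """Return (public_body, secret_tail).  The public body is exactly a v4
    public-key packet body; the tail is the part that needs backing up."""
    cut = public_length(body)
    return body[:cut], body[cut:]


def fingerprint_v4(public_body: bytes) -> bytes:
    """RFC 4880 12.2: SHA-1 over 0x99, 2-byte length, public-key body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(public_body)) + public_body).digest()


def reconstruct(public_body: bytes, secret_tail: bytes) -> bytes:
    """Rebuild the secret-key body and verify the secret-material checksum."""
    body = public_body + secret_tail
    if body[public_length(body)] != 0:
        raise ValueError("encrypted secret material; checksum not verifiable here")
    secret_mpis = secret_tail[1:-2]
    if (sum(secret_mpis) & 0xFFFF) != struct.unpack(">H", secret_tail[-2:])[0]:
        raise ValueError("secret material checksum mismatch")
    return body


def demo():
    # Constructed toy RSA key: p < q as RFC 4880 requires, e = 65537.
    p, q, e = 2**89 - 1, 2**127 - 1, 65537
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    u = pow(p, -1, q)  # u = p^-1 mod q
    body = build_secret_key_body(0x5A000000, n, e, d, p, q, u)
    pub, secret = split(body)
    assert reconstruct(pub, secret) == body  # round trip before "filing it away"
    return {"total": len(body), "public": len(pub), "secret": len(secret),
            "fingerprint": fingerprint_v4(pub).hex()}


if __name__ == "__main__":
    print(demo())
```

Running it prints the packet size, the size of the public part, the size of the secret tail and the fingerprint. Only the tail would need to go on paper; the rest is recovered from the public key by matching the fingerprint, which is why the restore side needs both the public key and the transcribed secret bytes.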

As with any backup or archiving system, it is prudent to verify you can restore the key from your paper copy before filing the paper away.

Aren't CD-Rs supposed to last a long time?

In comparison, to claim that paper will last for 100 years is not even vaguely impressive. High-quality paper with good ink regularly lasts many hundreds of years even under less than optimal conditions.

Another bonus is that ink on paper is readable by humans. Not every backup medium will still be readable 50 years from now: even if you still have the backup, you may not be able to buy a drive that can read it. I doubt this will happen anytime soon with CD-R, as there are just so many of them out there, but the storage industry is littered with old, now-dead methods of storing data.

Security

Examples

paperkey --secret-key my-secret-key.gpg --output to-be-printed.txt

paperkey --pubring my-public-key.gpg --secrets my-key-text-file.txt --output my-secret-key.gpg

gpg --export-secret-key my-key | paperkey | lpr

--output-type can be "base16" or "raw". "base16" is human readable, and "raw" is useful if you want to pass the output to another program such as a bar code or QR code generator (although note that scannable codes have some of the disadvantages discussed above).

--input-type is the same as --output-type, but for the restore side of things. By default the input type is inferred automatically from the input data.

--output-width sets the width of base16 output (i.e. given your font, how many columns fit on the paper you're printing on). Defaults to 78.

--ignore-crc-error allows paperkey to continue reconstructing even if it detects data corruption in the input.

--verbose (or -v) makes paperkey chatty about what is happening. Repeat this multiple times for more verbosity.

RPM

Paperkey is Copyright © 2007-2018 by David Shaw