Paperkey, a good way to print your PGP Private Key.

A reasonable way to achieve a long term backup of Cryptographic Keys (OpernPGP, GnuPG, PGP, etc) is to print them out on paper.
This because printed paper (choosing the best ink type), has amazingly long retention qualities, absolutely longer than magnetic or optical media generally used to Back-UP data.

Due to metadata and redundancy, OpenPGP secret keys are significantly larger than just the secret bits.
The secret key contains a complete copy of the public key.
Since the public key generally doesn’t need to be escrowed (most people have many copies of it on various keyservers, web pages, etc), only extracting the secret parts can be a real advantage.

Paperkey helps the user to extract the secret bytes of a Private Key and prints them on paper, instead of printing the entire key char sequence, containing also the public part.

Take the secret key in key.gpg and generate a text file to-be-printed.txt that contains the secret data:

paperkey --secret-key my-secret-key.gpg \
--output to-be-printed.txt

Dump Private Secret Key with gpg and make it printable (with verbose stdout messages):

gpg --export-secret-key KEYID | \
paperkey -vvvv --output KEYID.secret.printable

Take the secret key data in my-key-text-file.txt and combine it with my-public-key.gpg to reconstruct my-secret-key.gpg:

paperkey --pubring my-public-key.gpg \
--secrets my-key-text-file.txt \
--output my-secret-key.gpg

Print directly with LPR:

gpg --export-secret-key my-key | paperkey | lpr

Generate a PostScript file:

paperkey --secret-key my-secret-key.gpg \
--output to-be-printed.txt
a2ps -2 --no-header -o to-be-printed.txt

Or for a better resolution with one page per sheet, in A4:

$ paperkey --secret-key my-secret-key.gpg \
--output to-be-printed.txt
$ a2ps -A4 -1 --no-header --border=no \
-o to-be-printed.txt

Comments are closed.