Paperkey
Details
| Last Update: | 2008-02-02 11:01:06 |
| Version: | 0.8 |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | David Shaw |
| Price: | $0.00 |
Description:
Paperkey is a tool for backing up OpenPGP (GnuPG, PGP, etc) keys on
paper. Printing them out is a reasonable way to achieve a long-term
backup. Due
to metadata and redundancy, OpenPGP secret keys are significantly
larger than just the "secret bits". In fact, the secret key
contains a complete copy of the public key.
Since the public key generally doesn't need to be backed up in
this way (most people have many copies of it on various keyservers,
Web pages, etc), only extracting the secret parts can be a real
advantage.
Paperkey extracts just those secret bytes and prints them. To
reconstruct, you re-enter those bytes (whether by hand or via OCR),
and paperkey can use them to transform your existing public key
into a secret key.
Paper? Seriously?
The goal with paper is not secure storage. There are countless
ways to store something securely. A paper backup also isn't a
replacement for the usual machine readable (tape, CD-R, DVD-R, etc)
backups, but rather an if-all-else-fails method of restoring a
key. Most of the storage media in use today do not have
particularly good long-term (measured in years to decades)
retention of data. If and when the CD-R and/or tape cassette and/or
USB key and/or hard drive the secret key is stored on becomes
unusable, the paper copy can be used to restore the secret key.
What paperkey does
Due to metadata and redundancy, OpenPGP secret keys are
significantly larger than just the "secret bits". In fact, the
secret key contains a complete copy of the public key. Since the
public key generally doesn't need to be escrowed (most people have
many copies of it on various keyservers, web pages, etc), only
extracting the secret parts can be a real advantage.
Paperkey extracts just those secret bytes and prints them. To
reconstruct, you re-enter those bytes (whether by hand or via OCR)
and paperkey can use them to transform your existing public key
into a secret key.
For example, the regular DSA+Elgamal secret key I just tested
comes out to 1281 bytes. The secret parts of that (plus some minor
packet structure) come to only 149 bytes. It's a lot easier to
re-enter 149 bytes correctly.
Aren't CD-Rs supposed to last a long time?
They're certainly advertised to (I've seen some pretty
incredible claims of 100 years or more), but in practice it
doesn't really work out that way. The manufacturing of the media,
the burn quality, the burner quality, the storage, etc, all have a
significant impact on how long an optical disc will last. Some
tests show that you're lucky to get 10 years.
For paper, on the other hand, to claim it will last for 100
years is not even vaguely impressive. High-quality paper with good
ink regularly lasts many hundreds of years even under less than
optimal conditions.
Another bonus is that ink on paper is readable by humans. Not
all backup methods will be readable 50 years later, so even if you
have the backup, you can't easily buy a drive to read it. I doubt
this will happen anytime soon with CD-R as there are just so many
of them out there, but the storage industry is littered with old
now-dead ways of storing data.
Examples:
Take the secret key in my-secret-key.gpg and generate a text file
to-be-printed.txt that contains the secret data:
$ paperkey --secret-key my-secret-key.gpg --output to-be-printed.txt
Take the secret key data in my-key-text-file.txt and combine it
with my-public-key.gpg to reconstruct my-secret-key.gpg:
$ paperkey --pubring my-public-key.gpg --secrets my-key-text-file.txt --output my-secret-key.gpg
If --output is not specified, the output goes to stdout. If
--secret-key is not specified, the data is read from stdin so you
can do things like:
$ gpg --export-secret-key my-key | paperkey --output my-key-text-file.txt
Some other useful options are:
--output-type
can be "base16" or "raw". "base16" is human-readable, and
"raw" is useful if you want to pass the output to another program
like a bar code generator (though note that bar codes have many of
the disadvantages discussed above).
--input-type
same as --output-type, but for the restore side of things. By
default the input type is inferred automatically from the input
data.
--output-width
sets the width of base16 output
--ignore-crc-error
allows paperkey to continue when reconstructing even if it
detects data corruption in the input.
--verbose (or -v)
be chatty about what is happening. Repeat this multiple times
for more verbosity.
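The trade-off behind --ignore-crc-error when bytes are re-entered by hand, as an added example that is not paperkey's code. It assumes a simplified line layout (line number, hex bytes, a per-line CRC-24, then a final line holding the CRC-24 of all the data) rather than paperkey's actual output format; `crc24`, `encode` and `decode` are hypothetical names.

```python
def crc24(data):
    """CRC-24 as defined for OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def encode(secret, per_line=8):
    """Render bytes as numbered hex lines, each ending in its own CRC-24."""
    lines = []
    for n, off in enumerate(range(0, len(secret), per_line), 1):
        chunk = secret[off:off + per_line]
        hexpart = " ".join("%02X" % b for b in chunk)
        lines.append("%3d: %s %06X" % (n, hexpart, crc24(chunk)))
    lines.append("%3d: %06X" % (len(lines) + 1, crc24(secret)))
    return lines

def decode(lines, ignore_crc_error=False):
    """Return (data, bad_line_numbers); raise ValueError on a CRC mismatch
    unless ignore_crc_error is set."""
    out, bad = bytearray(), []
    for line in lines[:-1]:
        num, rest = line.split(":")
        *hexbytes, crc = rest.split()
        chunk = bytes.fromhex("".join(hexbytes))
        if crc24(chunk) != int(crc, 16):
            bad.append(int(num))          # points the typist at the line to recheck
        out += chunk
    if not bad and crc24(out) != int(lines[-1].split(":")[1], 16):
        bad.append(len(lines))            # e.g. a whole line was skipped
    if bad and not ignore_crc_error:
        raise ValueError("CRC mismatch on line(s) %s" % bad)
    return bytes(out), bad

# Constructed sample data standing in for the secret bytes.
SECRET = bytes(range(20))
LINES = encode(SECRET)
# Simulate one mistyped byte on line 2 ("08" entered as "0B").
TAMPERED = LINES[:1] + [LINES[1].replace("08", "0B", 1)] + LINES[2:]
print(decode(TAMPERED, ignore_crc_error=True)[1])
```

Continuing past the error yields bytes that differ from the original, so the ignore path is for salvaging a damaged printout, not for routine restores.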
Security
Note that paperkey does not change the security requirements of
storing a secret key. If your key has a passphrase on it (i.e. is
encrypted), the paper copy is similarly encrypted. If your key has
no passphrase, neither does the paper copy. Whatever the passphrase
(or lack thereof) was on the original secret key will be the same
on the reconstructed key.
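How the public and secret parts sit inside a secret key packet, and how to tell whether the secret part is passphrase-protected, as an added example that is not paperkey's code or output format. It follows the RFC 4880 packet layout, handles only version 4 RSA, Elgamal and DSA keys, and uses hypothetical function names and a constructed toy key.

```python
# Public MPI count per algorithm id (RFC 4880): RSA n,e; Elgamal p,g,y; DSA p,q,g,y
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def read_header(data, pos):
    """Return (tag, body_start, body_len) for the packet starting at pos."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                  # new-format header
        tag, l0 = first & 0x3F, data[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + data[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths not handled")
    tag, size = (first >> 2) & 0x0F, 1 << (first & 0x03)  # old-format header
    if size == 8:
        raise ValueError("indeterminate length not handled")
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def split_secret_packet(body):
    """Split a v4 secret-key packet body into (public, secret, protected)."""
    if body[0] != 4:
        raise ValueError("only version 4 keys handled")
    pos = 6                       # version (1) + creation time (4) + algorithm (1)
    for _ in range(PUBLIC_MPIS[body[5]]):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    # Next octet is the S2K usage; 0 means the secret MPIs are not encrypted.
    return body[:pos], body[pos:], body[pos] != 0

def summarize(keydata):
    """(tag, public_len, secret_len, protected) per secret key (5) / subkey (7) packet."""
    pos, rows = 0, []
    while pos < len(keydata):
        tag, start, length = read_header(keydata, pos)
        if tag in (5, 7):
            pub, sec, prot = split_secret_packet(keydata[start:start + length])
            rows.append((tag, len(pub), len(sec), prot))
        pos = start + length
    return rows

# Constructed toy input for this added example (tiny RSA numbers, not a usable key).
SAMPLE = bytes.fromhex(
    "941d" "04" "47a44e52" "01" "000c0ca1" "000511"    # header, v4, time, RSA, n, e
    "00" "000c0ac1" "00063d" "000635" "000514" "016e"  # usage 0, d p q u, checksum
    "b403" "626f62")                                   # user ID packet (skipped)
print(summarize(SAMPLE))
```

Run against the output of `gpg --export-secret-key`, a `protected` value of False means the printed copy would hold the secret numbers in the clear, which is the case the Security section describes.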