Skip to content

openpgp-paper-backup

openpgp-paper-backup is a CLI tool that allows one to:

  • create a backup of Private OpenPGP keys in a form of a PDF document, and
  • restore the backup from a scanned PDF document that contains the backup.

Context

For those who use OpenPGP Keys for their workflows, it's extremely important to create backups of the Private Keys they're using in their workflows. For example, I use GnuPG (one of OpenPGP implementations) in my Debian Developer's workflows to:

Considering the above, it's very important for me to keep my Debian Developer's OpenPGP key secure and backed-up. If my key was lost or compromised, I'd have to go through a cumbersome process of replacing it with a brand new one.

Therefore:

  • I store my main Certificateion OpenPGP key offline. It's never on my dev workstation.
  • I use subkeys for encryption, signing, and authentication.
  • The 3 subkeys (signing, encryption and authentication) are on my USB Key.
  • I have offline backups of my private keys (the main Certification key and all 3 subkeys) in a file.
  • I have offline backups of all the private keys in the form of a paper-printed document. This print-out, after scanning, can be restored back to Private Keys file using openpgp-paper-backup CLI tool.

What about paperkey?

Paperkey is an awesome tool designed to store backups of OpenPGP private keys in a paper form. Just like openpgp-paper-backup. In its workflow, however, it is up to the user to figure out how to transform the paper print-out back into a text file. David suggests using OCR, Qr Codes or similar tools. And you can do just that -- figure out how to best transform the scan of your document back into a text file that paperkey will understand.

With openpgp-paper-bakcup I wanted to close the gap -- the user doesn't have to figure out how to transform the scan back into the file. openpgp-paper-backup will do it for you.