openpgp-paper-backup
openpgp-paper-backup is a CLI tool that allows one to:
- create a backup of Private OpenPGP keys in the form of a PDF document, and
- restore the backup from a scanned PDF document that contains the backup.
Context
For those who use OpenPGP keys in their workflows, it's extremely important to create backups of the private keys they rely on. For example, I use GnuPG (one of the OpenPGP implementations) in my Debian Developer's workflows to:
- sign my ballots when voting on Debian-related matters
- sign my uploads to the Debian archive.
Considering the above, it's very important for me to keep my Debian Developer's OpenPGP key secure and backed up. If my key were lost or compromised, I'd have to go through a cumbersome process of replacing it with a brand new one.
Therefore:
- I store my main Certification OpenPGP key offline. It's never on my dev workstation.
- I use subkeys for encryption, signing, and authentication.
- The 3 subkeys (signing, encryption and authentication) are on my USB Key.
- I have offline backups of my private keys (the main Certification key and all 3 subkeys) in a file.
- I have offline backups of all the private keys in the form of a paper-printed
document. This print-out, after scanning, can be restored back to Private Keys
file using the openpgp-paper-backup CLI tool.
What about paperkey?
Paperkey is an awesome tool designed to store backups of OpenPGP
private keys in paper form. Just like openpgp-paper-backup. In its
workflow, however, it is up to the user to figure out how to transform the
paper print-out back into a text file. David suggests using OCR, QR codes or
similar tools. And you can do just that -- figure out how to best transform
the scan of your document back into a text file that paperkey will understand.
With openpgp-paper-backup I wanted to close the gap -- the user doesn't have
to figure out how to transform the scan back into the file.
openpgp-paper-backup will do it for you.