Hi Daniel,

> > gpg2 --armor --export "User Name" >key.asc
> > gpg2 --armor --export-secret-key "User Name" >>key.asc
> > paperbackup.py key.asc
> 
> this is a cool idea.  however, it seems like you might be backing up
> more than most people would need.  For most folks, their OpenPGP
> certificates (public keys) are stored on the public keyservers.  Or at
> least their friends have a copy of them :)
> 
> Even if you want the whole certificate, you've duplicated most of the
> material here -- just the data produced by --export-secret-key should be
> sufficient to reconstruct everything.  Probably, putting less data in
> your qrcode backup will make the backup more robust during recovery..

You are right that this is probably more than strictly neccessary. But if you 
look at my example output on github, a regular public and private key in 
qrcodes and plain is just 9 pages. 

If some of the qrcodes containing the public key could not be decoded during 
recovery, it won't affect the codes of the private key. The user will just 
have to remove the ascii armored remnants of the public key. So adding the 
public key won't hurt.

paperbackup.py doesn't know or understand public or private keys, it just 
cares about text files. So the user is always free to decide what parts to 
back up.

> Are you aware of David Shaw's paperkey?
> 
>   http://www.jabberwocky.com/software/paperkey/

Yes, I have linked it in the README on github, section "Similar projects".
 
> This produces significantly less data (still in text form, though), so
> it could be combined with your approach to have a nice big, robust,
> scannable recovery mechanism.

Correct. But unless you want to backup hundreds of keys I don't think it is 
necessary to think much about data reduction. It is just a few pages of paper 
and printing and scanning them is just a matter of a few minutes. 

This is the beauty of qrcodes in contrast to OCR and manually typing.

Kind regards,

Gerd


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to