On 4/15/2013 7:24 AM, Ashley Holman wrote: > I also have a followup question. Is it acceptable practice to make a > paper backup of your private key by exporting it in ascii armored mode > and printing it onto some paper? (with a passphrase applied of course).
You're the one who defines "acceptable practice" for you. :) Although I use a smartcard for my day-to-day signing I have backups of the secret key and subkeys on CD-R and paper in separate physically-secured locations. I have copies of both the Paperkey version of my private key and the ASCII-armored private key block itself. > This would be to prevent against loss in the event of other media > failing. Has anyone ever had to recover from a paper backup - and if so > do you painstakingly type it to your computer, or use some kind of OCR > or perhaps QR codes to encode it? I realize that typing errors are inevitable, particularly when manually entering in long strings of seemingly-random text (the Paperkey output for my 4096-bit private key is 124 lines long while the ASCII-armored version is 108 lines long). I ran into a few errors using OCR and it was a hassle to find out which characters it mis-read, so I just ended up generating a QR code for each line of the Paperkey output and, separately, a QR code for each line of the ASCII-armored key block. As a test, I then imported the keyblock using my computer's webcam to read the QR codes. While somewhat tedious, it was far easier than typing everything in. Both the Paperkey and ASCII keyblock were reconstructed without errors. I'm sure there's a more efficient way of doing things, like creating a series of linear barcodes that can be read line-by-line with a laser barcode scanner or by simply scanning it using a flatbed scanner, but the QR codes work reasonably well for me. Cheers! -Pete _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
