Difference between revisions of "User:Aimilius/Paperkey"

From ArchWiki
Jump to: navigation, search
(Usage: Add warning that it's necessary to backup the public key as well.)
(Add tip to print key without intermediate file.)
Line 12: Line 12:
 
To create a backup of your GnuPG key, pipe the private key to paperkey:
 
To create a backup of your GnuPG key, pipe the private key to paperkey:
 
  $ gpg --export-secret-key ''key-id'' | paperkey --output ''paperkey.asc''
 
  $ gpg --export-secret-key ''key-id'' | paperkey --output ''paperkey.asc''
 +
 +
== Tips and tricks ==
 +
=== Print secret key directly ===
 +
If no {{ic|--output}} argument is given, paperkey will print it's output to {{ic|stdout}}. It's possible to print the key directly without intermediate file, which might have security implications. To do so, install [[CUPS]], and pipe to {{ic|lpr}}:
 +
$ gpg --export-secret-key ''key-id'' | paperkey | lpr

Revision as of 16:13, 9 February 2018

Paperkey is a command line tool to export GnuPG keys on paper. It reduces the size of the exported key, by removing the public key parts from the private key. Paperkey also includes CRC-24 checksums in the key to allow the user to check whether their private key has been restored correctly.

Installation

Install paperkeyAUR from the AUR.

Usage

Warning: You need to have the public key available when restoring the paperkey backup! Since it's safe to have your public key available publicly, consider uploading it to a keyserver.

To create a backup of your GnuPG key, pipe the private key to paperkey:

$ gpg --export-secret-key key-id | paperkey --output paperkey.asc

Tips and tricks

Print secret key directly

If no --output argument is given, paperkey will print it's output to stdout. It's possible to print the key directly without intermediate file, which might have security implications. To do so, install CUPS, and pipe to lpr:

$ gpg --export-secret-key key-id | paperkey | lpr