The asymmetric RSA keys you use with tools such as GnuPG and SSH are very important for accessing information. The loss of a key makes access to encrypted data nearly impossible. Problems created by remote servers without access can also be serious, so it’s important to back up the keys and keep them safe. Using paper to store key backups isn’t the method that immediately comes to mind. However, it is one of the safest ways.
Why Should You Store Your GnuPG Key on Paper?
We’ve stored important information on paper for centuries. We all know that Ancient Egyptians used papyri, dating back to 3000 BC. Interestingly, papyrus is also resistant to fire when kept in a heap like a book. In this way, many old books managed to survive to the present day. Today, with the development of water-resistant papers and printing technologies, a print made with toner on acid-free paper is much longer lasting than many recording methods.
While paper is not the cheapest recording media, it is a very economical choice for recording small data such as encryption keys. A GnuPG key can be easily backed up with a printer and five to 20 sheets of paper. At the same time, a thief breaking into your home will covet your hard drive or the machine to which your hard drive is attached. But no one has the desire to steal a ream of paper.
You don’t need special conditions to store paper backups. Even if you protect the hard drive and similar digital recording media from elements such as humidity, temperature, and excessive vibration, there is a possibility of deterioration. On the other hand, papers placed in a bag or box remain intact even if you forget them.
What Are the Disadvantages of Storing Paper?
Making paper backups of digital data is a challenging undertaking. Nowadays, transferring data to another digital media is relatively simple. However, safely transferring this to an analog system, such as paper, can be a headache.
Also, if it is not possible to recover from the backup, it is not possible to actually call it a backup. You need to use techniques such as QR codes, data matrices, or OCR to transfer data on the printed page back to the computer. For this, you will need to scan the paper with a scanner. As a last resort, you can also enter the data manually bit by bit. But this is the last resort as it is a laborious process.
How to Install Paperbackup Software
Paperbackup is software, developed with Python, that enables easy extraction of ASCII-encoded digital data from paper backups. Like most Python code, Paperbackup has some dependencies.
By running the following command, you can download and install the necessary dependencies on your system.
For distributions using RPM (Red Hat, Fedora, CentOS, etc):
sudo yum install PyX enscript qrencode hashlib zbar \npython3 -m pip install hashlib Pillow\n
For distributions using APT (Debian, Ubuntu, Mint, etc):
sudo apt-get update && sudo apt-get install python3-pyx enscript python3-qrencode python3-zbar \npython3 -m pip install hashlib Pillow\n
Creating Key or Data Backups With Paperbackup
First, create a GnuPG key. Then, make this key available for backup. To do this, enter the requested information and generate your GnuPG key using the following command:
If you have also set the password that gpg asks you for, and you see a printout containing various information about your key, your key is ready. At this stage, there is a value for your key that you should note down. To get this value, use the command below and copy the value you see with the red box in the image:
You can replace the “johnd[email protected]” value here with the email address you specify.
The value of E3122E78 in the image above is the key ID. Of course, this value will be different for you. Using this, make the GnuPG key available for backup as follows. As a result of this command, you will create a file named myKey_sec.asc:
gpg --export-secret-keys --armour E3122E78 > myKey_sec.asc\n
You can see the contents of the file with the following command:
At this stage, you will get an output that looks like this:
All screenshots are based on a GNU/Linux Debian distribution. However, you can use all the gpg commands up to this point in the same way on Microsoft Windows.
What You Need to Do to Back Up Any File
If the data you want to back up is something else, you can make it ready for backup by encoding it with base64 via the command below. Note that you will get a result that is approximately 25 percent larger than the data you will back up.
As an example, you can create a file called “test.txt” on the desktop. Write various data inside this text file for example only.
Now that you have also edited the contents of the test file, you can use the following command:
base64 -w 65 [data to back up] > [file to save]\n
Then look inside the “test_base64” file to verify that the file contents have changed to base64:
As you can see, you have now base64 encoded your text file.
You’ve prepared the key or data to be backed up. Next, you need to install Paperbackup. First, go to Paperbackup’s GitHub repository and download the repository in zip format. You can also clone the git repository to your computer with the following command:
git clone https:
Extract the downloaded file somewhere and go to the directory where the Paperbackup is found. Open a terminal here. Then you can use the command below to prepare your paper backup in PDF format:
python3 paperbackup.py [directory of the file to backup]\n
Of course, here you can use not only the file you created but also your GnuPG key document. If you remember, you put this GnuPG key in a file called myKey_sec.asc earlier on.
After the script does its job, there will be a PDF file in the directory where you run it, like this:
The size of the QR codes and other encryption methods will vary depending on the content of the file you will back up.
Print the Backup You Made
The decision to print your backup is up to you. One of the things to consider is whether you can trust your hardware and the connection you use to access it (e.g. a LAN printer) if you have backed up a secure backup without a password. The most reliable method in this regard is to print the PDF file directly from the printer by adding the file on a USB stick or connecting the printer to your computer via USB.
You are completely free to use whatever paper and printing method you want to. All kinds of printing will last long enough for your purposes. However, toner printing on acid-free paper will provide the best results.
After printing, you can store your refills without folding them, in an envelope, or better yet, in a waterproof bag. If you date your backup, this information may come in handy in the future. If you take other future backups, you can prevent getting them mixed up.
Also, scan your paper backup at the highest resolution possible.
If you need to use this backup, you can recover the PDF file that is the result of your scan with the following command after moving it to the Paperbackup directory:
./paperrestore.sh [PDF directory to recover] > recovery_file\n
Paperbackup saves the file in its home directory with the name you give it.
How Important Is It to Back Up Your Key?
Electronic devices can break down. These include hard drives, USB sticks, or DVDs. However, it will be safer to transfer this data from the digital environment to analog. And you can protect them much more easily. You are the only person who knows how important this data is to you. Depending on the project you’re working on or the importance of the data you want to keep, you can store it on paper.
Protecting your data should become a habit. There are many steps you can take to do this. Printing backups on paper is just one of them.