Man Linux: Main Page and Category List

NAME

       paperkey - extract secret information out of OpenPGP secret keys

SYNOPSIS

       paperkey [--secret-key=FILE] [--output=FILE] [--output-type=base16|raw]
       [--output-width=WIDTH]

       paperkey --pubring=FILE [--secrets=FILE] [--input-type=auto|base16|raw]
       [--output=FILE] [--ignore-crc-error] [--comment=STRING] [--file-format]

       paperkey --version

MOTIVATION

       As with all data, secret keys should be backed  up.   In  fact,  secret
       keys  should be backed up even better than other data, because they are
       impossible to recreate should they ever be lost.  All  files  encrypted
       to  lost keys are forever (or at least for a long time) undecipherable.
       In addition to keeping backups of secret  key  information  on  digital
       media  such  as  USB-sticks  or CDs it is reasonable to keep an if-all-
       else-fails copy on plain old paper, for use should your  digital  media
       ever  become unreadable for whatever reason.  Stored properly, paper is
       able to keep information for several decades or longer.

       With GnuPG, PGP,  or  other  OpenPGP  implementations  the  secret  key
       usually  contains  a  lot  more  than  just the secret numbers that are
       important.  They also hold all the public values  of  key  pairs,  user
       ids,  expiration  times and more.  In order to minimize the information
       that has to be entered manually or  with  the  help  of  OCR  software,
       paperkey  extracts  just  the  secret information out of OpenPGP secret
       keys.  For recovering a secret key it is assumed that the public key is
       still available, for instance from public internet keyservers.

DESCRIPTION

       paperkey has two modes of operation:

       The  first  mode  creates  "paperkeys"  by  extracting  just the secret
       information from a secret key, formatting the data in  a  way  suitable
       for printing or in a raw mode for further processing.

       The  other mode rebuilds secret keys from such a paperkey and a copy of
       the public key, also verifying the checksums embedded in the  paperkey.
       This  mode  is  selected  when  the  --pubring option is used, which is
       required in that case.  If a passphrase was set on the original  secret
       key, the same passphrase is set on the rebuilt key.

       Input  is  read  from  standard-in  except  when  the  --secret-key  or
       --secrets option is used; output is  printed  to  standard-out,  unless
       changed with the --output option.

SECURITY CONSIDERATIONS

       Please note that paperkey does not change the protection and encryption
       status of and security requirements for storing your secret key. If the
       secret  key  was  protected by a passphrase so is the paperkey.  If the
       secret key was unprotected the paperkey will not be protected either.

OPTIONS

       --help, -h Display a short help message and exit successfully.

       --version, -V
              Print version information and  copyright  information  and  exit
              successfully.

       --verbose, -v
              Print  status  and  progress information to standard-error while
              processing the input.  Repeat for even more output.

       --output=FILE, -o
              Redirect output  to  the  file  given  instead  of  printing  to
              standard-output.

       --comment=STRING
              Include the specified comment in the base16 output.

       --file-format
              Paperkey  automatically  includes  the  file  format  it uses as
              comments at the top of the base16 output.  This  command  simply
              prints out the file format and exits successfully.

OPTIONS FOR EXTRACTING SECRET INFORMATION

       --output-type=base16, --output-type=raw
              Select   the   output   type.   The  base16  style  encodes  the
              information in the style of a classic hex-dump,  including  line
              numbers  and  per-line  CRC  checksums  to facilitate localizing
              errors in the input file during the recovery phase.  The raw, or
              binary,  mode  is  just  a  raw  dump of the secret information,
              intended for feeding to barcode generators or the like.

       --output-width=WIDTH
              Choose line width in the base16 output mode.  The default is  78
              characters.

       --secret-key=FILE
              File  to  read the secret key from.  If this option is not given
              paperkey reads from standard-input.

OPTIONS FOR RE-CREATING PRIVATE KEYS

       --input-type=auto, --input-type=base16, --input-type=raw
              Specify that the given input is  either  in  base16  format,  as
              produced  by  paperkey,  or  in  raw format.  The default, auto,
              tries to automatically detect the format in use.

       --pubring=FILE
              File to read public key information from.  It  is  assumed  that
              the  user  can  get  the  public  key  from  sources like public
              internet keyservers.

       --secrets=FILE
              File to read the extracted secrets, the paperkey, from.  If this
              is not given then the information is read from standard-input.

       --ignore-crc-error
              Do not reject corrupt input and continue despite any CRC errors.

EXAMPLES

       Take  the  secret  key  in   key.gpg   and   generate   a   text   file
       to-be-printed.txt that contains the secret data:

       $ paperkey --secret-key my-secret-key.gpg --output to-be-printed.txt

       Take  the  secret  key data in my-key-text-file.txt and combine it with
       my-public-key.gpg to reconstruct my-secret-key.gpg:

       $ paperkey --pubring my-public-key.gpg  --secrets  my-key-text-file.txt
       --output my-secret-key.gpg

       If   --output  is  not  specified,  the  output  goes  to  stdout.   If
       --secret-key is not specified, the data is read from stdin so  you  can
       do things like:

       $ gpg --export-secret-key my-key | paperkey | lpr

SEE ALSO

       gpg(1), http://www.jabberwocky.com/software/paperkey/

AUTHORS

       paperkey is written by David Shaw <dshaw@jabberwocky.com>.