A reasonable way to achieve long-term backup of OpenPGP (GnuPG, PGP, etc) keys is to print on paper. paperkey is a reasonable way to achieve long-term backup of OpenPGP (GnuPG, PGP, etc) keys is to print on paper. Due to metadata and redundancy, OpenPGP secret keys are much bigger than just the "secret bits." Actually, the secret key contains a complete copy of the public key. Since the public key is generally not need 'be saved in this way (most people have many copies of it on different key servers, web pages, etc.), retrieve only the parts secret can be a real advantage. paperkey extracts only those bytes secret and prints. reconstruct, you re-enter those bytes (whether by hand or via OCR) and paperkey can use to transform your existing public key into a secret key. paper? Seriously? The aim with the paper n 'is not a secure warehouse. There are countless ways to store something safely. A paper backup is not a replacement for the machine readable usual (tape, CD-R, DVD-R etc.) backups, but rather as an if-all-else-fails to restore a key. Most of the storage media in use today are not particularly good long-term (measured in years or decades ) retention of data. If and when the CD-R and / or tape player and / or a USB and / or hard disk of the secret key is stored on becomes unusable, the copy may be used to restore the secret key. paperkey What doesDue metadata and redundancy, OpenPGP secret keys are much more important not just "secret bits." Actually, the secret key contains a complete copy of the public key. Since the public key n ' is generally not required to be escrowed (most people have many copies of it on different key servers, web pages, etc.), retrieve only the parts secret can be a real advantage. paperkey extracts only those secret bytes and prints them. reconstruct, you re-enter those bytes (whether by hand or via OCR) and paperkey can use to transform your existing public key into a secret key. For example, the regular DSA + Elgamal key secret that I have tested out to 1281 bytes. The secret parts of that (plus some minor packet structure) come to only 149 bytes. It's much easier to get 149 bytes correctly. Are not CD-Rs supposed last long? They certainly are advertised to (I've seen some pretty incredible claims of 100 years or more), but in practice it does not really work that way. The production of media, the burning quality, the quality of the burner, storage, etc., all have a significant impact on the length of an optical disc will last. Some tests show that you're lucky to get 10 years. For paper, on the other hand, claim that it will last 100 years is not even vaguely impressive. high quality paper with good ink regularly takes hundreds of years, even under conditions far from optimal. Another bonus is that the ink on the paper is readable by humans. Not later, all the backup methods will be readable 50 years, so even if you have a backup, you can not easily buy a disc for playback. I doubt that will happen anytime soon with the CD-R as there are so many of them there, but the storage industry is now littered with old ways of storing dead data. Examples: Take the secret key in key.gpg and generate a text file to-be-printed.txt containing the secret data: $ paperkey --secret-key my-secret-key.gpg - Output-to-be printed.txtTake data secret key in my key-text-file.txt and combine it with my-public-key.gpg rebuild my - secret-key.gpg: $ paperkey - pubring my-public-key.gpg - the secret-key my-text-file.txt - output my-secret-key.gpgIf - output is not specified, the output is stdout. If - secret key is not specified, data is read from stdin so that you can do things like: gpg - export-secret-key my-key | paperkey - output my-key-text-file . txtSome other useful options are: - output-type can be "Base16" or "gross". "Base16" is human readable, and "gross" is useful if you want to move production to another program such as a bar code generator (note that the barcodes have many drawbacks discussed above). - Input-type as well - output-type, but the food side of things. By default, the entry type is automatically deducted from the input data. - Output-width sets the width of the Base16 output - ignore-crc-error paperkey can continue during the reconstruction, even if it detects a corruption of input data. - Verbose (-v) be silent about what happens. Repeat this process several times for more verbosity. SecurityNote paperkey that does not change the requirements for safe storage of a secret key. If your key is a sentence about it (ie, encrypted), the hard copy is also encrypted. If your key has no password, nor the hard copy. Whatever the password (or lack thereof) was the original secret key will be the same button rebuilt.