gpgqr helps to back up secret GPG keys as QR codes that may be printed
- https://github.com/google/zx
split
orgsplit
for MacOSpaperkey
qrencode
zbarimg
-
βοΈ Install all the dependencies above.
-
π Check if you have your secret keys on your machine:
$ gpg -K
/var/folders/jx/5ll9xg7166945zr_jrzh423m0000gn/T/gnupg_202204132230_XXX.6TZDeVqr/pubring.kbx
--------------------------------------------------------------------------------------------
sec rsa4096 2022-04-13 [SC]
5E4A60CDCE1374ADE9D4B42E311366FBF780DB86
uid [ultimate] Eugene Dzhumak <eugene@example.com>
ssb rsa4096 2022-04-13 [E]
If you see a hash symbol near the key type (sec#
), it means your key is not on your machine. Did you store it offline
on a USB drive?
- π Run backup script providing your key identifier:
$ ./backup.mjs 5E4A60CDCE1374ADE9D4B42E311366FBF780DB86
rm -f generated/*
cp index.html generated/
gpg --export-secret-key 5E4A60CDCE1374ADE9D4B42E311366FBF780DB86 | paperkey --output-type raw | base64 | gsplit -C 1500 -d -a 2 - generated/temp-chunk-
cat generated/temp-chunk-00
qrencode -l L -o generated/qr-1.png
cat generated/temp-chunk-01
qrencode -l L -o generated/qr-2.png
cat generated/temp-chunk-02
qrencode -l L -o generated/qr-3.png
- π¨ Open
./generated/index.html
in your browser and print the page or save it as PDF ( see example) - β¨ You are awesome β¨
To restore secret keys you need to have your public key, what usually is not a problem.
- π Place QR images inside
/generated
folder naming them with number suffix for proper sorting (likeqr-1.png
) - π Run the script providing a path to your public key file (binary, not armored)
$ ./restore.mjs ~/pubkey.gpg
zbarimg -q --raw ./generated/*.png | base64 -d | paperkey --pubring /Users/eugenedzhumak/pubkey.gpg | gpg --import
gpg: key 311366FBF780DB86: public key "Eugene Dzhumak <eugene@example.com>" imported
gpg: key 311366FBF780DB86: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
- β Done. Check your GPG keys, they were restored:
$ gpg --list-secret-keys
/var/folders/jx/5ll9xg7166945zr_jrzh423m0000gn/T/gnupg_202204132230_XXX.6TZDeVqr/pubring.kbx
--------------------------------------------------------------------------------------------
sec rsa4096 2022-04-13 [SC]
5E4A60CDCE1374ADE9D4B42E311366FBF780DB86
uid [ unknown] Eugene Dzhumak <eugene@example.com>
ssb rsa4096 2022-04-13 [E]
$ gpg --list-public-keys
/var/folders/jx/5ll9xg7166945zr_jrzh423m0000gn/T/gnupg_202204132230_XXX.6TZDeVqr/pubring.kbx
--------------------------------------------------------------------------------------------
pub rsa4096 2022-04-13 [SC]
5E4A60CDCE1374ADE9D4B42E311366FBF780DB86
uid [ unknown] Eugene Dzhumak <eugene@example.com>
sub rsa4096 2022-04-13 [E]