1. 33

  2. 6

    Another approach is to use a secret sharing scheme like ssss, then print the shares as text or QR codes and give the paper pieces to next of kin or other trusted parties.

    1. 4

      This is a good idea but I’d like to see instructions on how to read it (recover) too as the private keys can be big.

      Additionally, some software, like Paperkey, optimizes output to cut the irrelevant parts (or parts that can be re-constructed from public keys).

      1. 3

        I would argue that you want to use some easy secret you know to crypt the key before you create the QR code.

        Otherwise if all of us start using this at scale, anyone with a camera left in your office can secretly obtain private key material. Like chmod 666.

        Almost nobody carries paper around her or him 24/7, which obviously also has the risk of losing it. So you have to have some protection on what you do not physically guard.

        1. 2

          Keys exported that way from GnuPG are still protected by the password, if they were protected at the time of export, but most are.

        2. 4

          Then you just print the QR code and then securely delete it.

          Then microwave the printer.

          1. 7

            If you’re afraid of the printer, you can still draw it by hand (can take a long time with strong RSA keys, but you could switch to ECC)… At this point you’d have to microwave your screen, your graphics card… and probably also… your whole computer. You also shouldn’t forget to destroy the device flashing the QR code then…

            1. 6

              Many enterprisey printers explicitly have a long memory of what they printed.

              1. 1

                I like the idea of drawing it by hand, but I bet it would go way faster with a typewriter that could print out some nice blocky squares… Hmmmm….

            2. 2

              Why not just print the ASCII key?

              1. 1

                QR codes allow you to scan, rather than manually transcribing.

                1. 1

                  Eh. I have more OCR software than QR software.

                  In particular, the OCR software is on the computer where I want my keys to be, and the QR scanner is on my phone where I have no use for keys. So I’d end up transcribing off my phone screen.

                2. 1

                  Probably because QR codes are an easy way to restore the data. Better than OCR or typing by hand.

                3. 1

                  Why not store the key on multiple encrypted USB sticks?

                  1. 1

                    So, we went away from using passwords as they’re insecure and people stored them in insecure ways. We told people to never write down their password and never ever keep them on post-its next to their monitor. Now we use private keys instead as it’s more secure and they’re a lot bigger. Until someone came up with the brilliant idea to print their private keys as a QR code and put it on a post-it next to his/her monitor.

                    1. 1

                      optar is another option, better for data that’s more than ~2 KiB.