Human-readable key format suitable for hard copies? - PGP



Thread: Human-readable key format suitable for hard copies?

  1. Human-readable key format suitable for hard copies?

    I would like to store a copy of my private keys on plain paper, in case my
    digital copies ever get misplaced/destroyed. I know that I can ASCII armor
    the key and simply print this, but this doesn't strike me as being
    particularly human-friendly (for the purpose of re-entry, reading from a
    printed page without OCR).

    Is anyone familiar with any software that can create a kind of printout
    from binary data that can easily and reliably be re-entered by a human,
    WITHOUT using OCR? I envisage something that uses common English words to
    store information efficiently, with at least some sort of simple error
    detection/correction. I would expect this algorithm to be documented and
    open.

    Hope you see what I'm getting at?

  2. Re: Human-readable key format suitable for hard copies?

    On 15 Sep 2003 03:24:17 GMT, Jem Berkes wrote:

    >I would like to store a copy of my private keys on plain paper, in case my
    >digital copies ever get misplaced/destroyed. I know that I can ASCII armor
    >the key and simply print this, but this doesn't strike me as being
    >particularly human-friendly (for the purpose of re-entry, reading from a
    >printed page without OCR).
    >
    >Is anyone familiar with any software that can create a kind of printout
    >from binary data that can easily and reliably be re-entered by a human,
    >WITHOUT using OCR? I envisage something that uses common English words to
    >store information efficiently, with at least some sort of simple error
    >detection/correction. I would expect this algorithm to be documented and
    >open.
    >
    >Hope you see what I'm getting at?


    Silly question possibly, but what would paper provide over a CD-R? If anything,
    paper would be subject to a whole slew more methods of destruction than plastic,
    i.e., water, tearing, fading, crumpling, etc.

    CD-R prices are so cheap now ($0.05 in bulk) that it seems that it would be
    extremely cheap and quick to simply burn 5 or 10 copies of your keyring files
    (conventionally encrypted of course) than to go through some (IMHO) convoluted
    method of trying to reenter the key by hand.

    I know you mentioned that you'd like paper over digital in case your digital
    copies ever get misplaced or destroyed, I'm just curious how paper would somehow
    not get lost or destroyed and would fare any better than a thin, circular, 3
    inch (mini-cdr) piece of plastic placed inside of a protective jewel case =)



  3. Re: Human-readable key format suitable for hard copies?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    "Jem Berkes" wrote in message
    news:Xns93F6E409F5214jbuserspc9org@130.179.16.24...
    > I would like to store a copy of my private keys on plain paper, in case
    > my digital copies ever get misplaced/destroyed. I know that I can ASCII
    > armor the key and simply print this, but this doesn't strike me as being
    > particularly human-friendly (for the purpose of re-entry, reading from a
    > printed page without OCR).
    >
    > Is anyone familiar with any software that can create a kind of printout
    > from binary data that can easily and reliably be re-entered by a human,
    > WITHOUT using OCR? I envisage something that uses common English words to
    > store information efficiently, with at least some sort of simple error
    > detection/correction. I would expect this algorithm to be documented and
    > open.


    something similar to what you are describing, might be the biometric word
    list described by PRZ, and listed in the end of the
    pgp documentation, where there are 256 clearly enunciatable words, each
    representing one of the 256 ascii characters,

    it can be set up to transform the ascii characters of the key, into a
    (really long) wordlist, that can then be 'read' into the computer using any
    of the speech recognition programs, and then transformed back

    pgp can easily and quickly switch between the hexadecimal representation of
    a key fingerprint, to its biometric word pattern,
    and back again,
    so the transformation algorithm must exist someplace,

    but this may not be the 'easily and reliably' you are looking for,

    a pgp keyblock has 64 characters/line , and, as an example, one of my
    simplest test keys, a 1024 dh key, has 17 lines, (not including the
    checksum) for the private key,
    yielding a minimum of 1088 characters (even assuming that you would later
    extract the public key from the private one)

    a 1088 word list would be very tedious even to 'read' into the computer,
    and certainly to type,
    and the more tedious and random an entry task is, the more prone to error
    ....

    hth,

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: { Acts of Kindness better the World, and protect the Soul }
    Comment: KeyID: 0x6A05A0B785306D25
    Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

    -----END PGP SIGNATURE-----



  4. Re: Human-readable key format suitable for hard copies?

    > Silly question possibly, but what would paper provide over a CD-R? If
    > anything, paper would be subject to a whole slew more methods of
    > destruction than plastic, i.e., water, tearing, fading, crumpling, etc.


    I recently read articles about how CDRs are not lasting as long as people
    originally thought, and how they are inadequate for data archival since
    many last only about 5 years. I tested some of my own CDRs that are only 3
    years old, and discovered rather advanced data damage (> 50%). I no longer
    trust CDRs for long-term data archival unless fresh copies are made every
    so often. http://www.cdfreaks.com/news/7751

    Data on paper will last much longer provided the paper remains intact. Data
    on paper also exists independent of formats, specifications, etc. provided
    it can be reconstructed by a human who knows the (hopefully simple)
    algorithm. So my concern is about last-resort manual data recovery.

  5. Re: Human-readable key format suitable for hard copies?

    > something similar to what you are describing, might be the biometric
    > word list described by PRZ, and listed in the end of the
    > pgp documentation, where there are 256 clearly enunciatable words,
    > each representing one of the 256 ascii characters,


    Thanks, I didn't notice there was such a list in the documentation!

    > pgp can easily and quickly switch between the hexadecimal
    > representation of a key fingerprint, to its biometric word pattern,
    > and back again,
    > so the transformation algorithm must exist someplace,
    >
    > but this may not be the 'easily and reliably' you are looking for,


    I think you're right about this, considering the data re-entry part it
    really wouldn't be as good as I thought in word form. Maybe I'll do some
    experiments with series of numbers to see if I can devise a method that's
    not too hard to do manually, but is still space-efficient.
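
An added example, not part of the original thread: one way to try the "series of numbers" idea above together with the simple error detection the original question asks for. The line layout, the use of CRC-16 per line and CRC-32 over the whole value, and the names `encode`, `decode` and `SAMPLE` are assumptions of this example.

```python
import binascii

BYTES_PER_LINE = 16
# Constructed 40-byte value standing in for secret key material (not a real key).
SAMPLE = bytes(range(7, 247, 6))

def line_crc(n: int, chunk: bytes) -> int:
    # CRC-16/CCITT over the line number plus the data, so a swapped or
    # skipped line fails its check even if every digit was typed correctly.
    return binascii.crc_hqx(bytes([n & 0xFF]) + chunk, 0xFFFF)

def encode(data: bytes) -> list:
    """Return printable lines 'NNN: hhhh hhhh ... / cccc' plus a trailer."""
    lines = []
    for n, off in enumerate(range(0, len(data), BYTES_PER_LINE), start=1):
        chunk = data[off:off + BYTES_PER_LINE]
        digits = chunk.hex().upper()
        groups = " ".join(digits[i:i + 4] for i in range(0, len(digits), 4))
        lines.append(f"{n:03d}: {groups} / {line_crc(n, chunk):04X}")
    lines.append(f"END: {len(data)} bytes / {binascii.crc32(data):08X}")
    return lines

def decode(lines):
    """Return (data, bad_lines); data is None on any failure.
    bad_lines holds the numbers of lines to retype; 0 means the trailer."""
    *body, trailer = [ln.strip() for ln in lines if ln.strip()]
    out, bad = bytearray(), []
    for expected, line in enumerate(body, start=1):
        try:
            label, rest = line.split(":", 1)
            payload, check = rest.split("/")
            chunk = bytes.fromhex("".join(payload.split()))
            ok = (int(label) == expected
                  and line_crc(expected, chunk) == int(check, 16))
        except ValueError:
            ok = False
        if ok:
            out += chunk
        else:
            bad.append(expected)
    if bad:
        return None, bad
    try:
        length, total = trailer.split(":", 1)[1].split("/")
        whole_ok = (int(length.split()[0]) == len(out)
                    and int(total, 16) == binascii.crc32(bytes(out)))
    except (ValueError, IndexError):
        whole_ok = False
    return (bytes(out), []) if whole_ok else (None, [0])

if __name__ == "__main__":
    print("\n".join(encode(SAMPLE)))
```

Because each line carries its own check, a typing mistake is reported by line number and only that line has to be re-entered.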

  6. Re: Human-readable key format suitable for hard copies?

    Jem Berkes wrote:
    >> something similar to what you are describing, might be the biometric
    >> word list described by PRZ, and listed in the end of the
    >> pgp documentation, where there are 256 clearly enunciatable words,
    >> each representing one of the 256 ascii characters,
    >
    > Thanks, I didn't notice there was such a list in the documentation!
    >
    >> pgp can easily and quickly switch between the hexadecimal
    >> representation of a key fingerprint, to its biometric word pattern,
    >> and back again,
    >> so the transformation algorithm must exist someplace,
    >>
    >> but this may not be the 'easily and reliably' you are looking for,
    >
    > I think you're right about this, considering the data re-entry part it
    > really wouldn't be as good as I thought in word form. Maybe I'll do some
    > experiments with series of numbers to see if I can devise a method that's
    > not too hard to do manually, but is still space-efficient.


    Note that there is a very small part of the "key" that you need to save.
    If you can print out just the secret key material, you can reconstruct
    the OpenPGP data structures automatically.

    David


  7. Re: Human-readable key format suitable for hard copies?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    "David Shaw" wrote in message
    news:bk63br$c0e$1@foobar.cs.jhu.edu...

    [...]

    > Note that there is a very small part of the "key" that you need to save.
    > If you can print out just the secret key material, you can reconstruct
    > the OpenPGP data structures automatically.


    is there a way of knowing which part of the ascii armor of the private key
    this is?
    (or more accurately,
    which is the 'essential' part of the key, and that part can then just be
    'armored' and printed out)

    also,

    how is the data restorable into a useable key, once this is known?

    tia,
    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: { Acts of Kindness better the World, and protect the Soul }
    Comment: KeyID: 0x6A05A0B785306D25
    Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

    -----END PGP SIGNATURE-----



  8. Re: Human-readable key format suitable for hard copies?

    vedaal wrote:

    >> Note that there is a very small part of the "key" that you need to save.
    >> If you can print out just the secret key material, you can reconstruct
    >> the OpenPGP data structures automatically.
    >
    > is there a way of knowing which part of the ascii armor of the private key
    > this is?
    > (or more accurately,
    > which is the 'essential' part of the key, and that part can then just be
    > 'armored' and printed out)


    RFC-2440. You only need the actual key material, unencrypted. For
    DSA or Elgamal, that's one (large) number.

    > how is the data restorable into a useable key, once this is known?


    Just fill in the blanks. You know the key type, so fill that in, it
    isn't encrypted, so you can fill that part in, etc.

    Once this is all done, you have a secret key packet. Join it with the
    public key packets (which never seem to get lost since the keyservers
    keep them forever), and you've reconstructed your key.

    David
