Human-readable key format suitable for hard copies? - PGP
-
Human-readable key format suitable for hard copies?
I would like to store a copy of my private keys on plain paper, in case my
digital copies ever get misplaced/destroyed. I know that I can ASCII armor
the key and simply print this, but this doesn't strike me as being
particularly human-friendly (for the purpose of re-entry, reading from a
printed page without OCR).
Is anyone familiar with any software that can create a kind of printout
from binary data that can easily and reliably be re-entered by a human,
WITHOUT using OCR? I envisage something that uses common English words to
store information efficiently, with at least some sort of simple error
detection/correction. I would expect this algorithm to be documented and
open.
Hope you see what I'm getting at?
-
Re: Human-readable key format suitable for hard copies?
On 15 Sep 2003 03:24:17 GMT, Jem Berkes wrote:
>I would like to store a copy of my private keys on plain paper, in case my
>digital copies ever get misplaced/destroyed. I know that I can ASCII armor
>the key and simply print this, but this doesn't strike me as being
>particularly human-friendly (for the purpose of re-entry, reading from a
>printed page without OCR).
>
>Is anyone familiar with any software that can create a kind of printout
>from binary data that can easily and reliably be re-entered by a human,
>WITHOUT using OCR? I envisage something that uses common English words to
>store information efficiently, with at least some sort of simple error
>detection/correction. I would expect this algorithm to be documented and
>open.
>
>Hope you see what I'm getting at?
Silly question possibly, but what would paper provide over a CD-R? If anything,
paper would be subject to a whole slew more methods of destruction than plastic.
I.e., water, tearing, fading, crumpling, etc.
CD-R prices are so cheap now ($0.05 in bulk) that it seems that it would be
extremely cheap and quick to simply burn 5 or 10 copies of your keyring files
(conventionally encrypted of course) than to go thru some (IMHO) convoluted
method of trying to reenter the key by hand.
I know you mentioned that you'd like paper over digital in case your digital
copies ever get misplaced or destroyed, I'm just curious how paper would somehow
not get lost or destroyed and would fare any better than a thin, circular, 3
inch (mini-cdr) piece of plastic placed inside of a protective jewel case =)
-
Re: Human-readable key format suitable for hard copies?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
"Jem Berkes" wrote in message
news:Xns93F6E409F5214jbuserspc9org@130.179.16.24...
> I would like to store a copy of my private keys on plain paper, in case
> my digital copies ever get misplaced/destroyed. I know that I can ASCII
> armor the key and simply print this, but this doesn't strike me as being
> particularly human-friendly (for the purpose of re-entry, reading from a
> printed page without OCR).
>
> Is anyone familiar with any software that can create a kind of printout
> from binary data that can easily and reliably be re-entered by a human,
> WITHOUT using OCR? I envisage something that uses common English words to
> store information efficiently, with at least some sort of simple error
> detection/correction. I would expect this algorithm to be documented and
> open.
something similar to what you are describing, might be the biometric word
list described by PRZ , and listed in the end of the
pgp documentation, where there are 256 clearly enunciatable words, each
representing one of the 256 ascii characters,
it can be set up to transform the ascii characters of the key, into a
(really long) wordlist, that can then be 'read' into the computer using any
of the speech recognition programs, and then transformed back
pgp can easily and quickly switch between the hexadecimal representation of
a key fingerprint, to its biometric word pattern,
and back again,
so the transformation algorithm must exist someplace,
but this may not be the 'easily and reliably' you are looking for,
a pgp keyblock has 64 characters/line , and, as an example, one of my
simplest test keys, a 1024 dh key, has 17 lines, (not including the
checksum) for the private key,
yielding a minimum of 1088 characters (even assuming that you would later
extract the public key from the private one)
a 1088 word list would be very tedious even to 'read' into the computer,
and certainly to type,
and the more tedious and random an entry task is, the more prone to error
....
hth,
vedaal
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: { Acts of Kindness better the World, and protect the Soul }
Comment: KeyID: 0x6A05A0B785306D25
Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA
-----END PGP SIGNATURE-----
-
Re: Human-readable key format suitable for hard copies?
> Silly question possibly, but what would paper provide over a CD-R? If
> anything, paper would be subject to a whole slew more methods of
> destruction than plastic. I.e., water, tearing, fading, crumpling, etc.
I recently read articles about how CDRs are not lasting as long as people
originally thought, and how they are inadequate for data archival since
many last only about 5 years. I tested some of my own CDRs that are only 3
years old, and discovered rather advanced data damage (> 50%). I no longer
trust CDRs for long-term data archival unless fresh copies are made every
so often. http://www.cdfreaks.com/news/7751
Data on paper will last much longer provided the paper remains intact. Data
on paper also exists independent of formats, specifications, etc. provided
it can be reconstructed by a human who knows the (hopefully simple)
algorithm. So my concern is about last-resort manual data recovery.
-
Re: Human-readable key format suitable for hard copies?
> something similar to what you are describing, might be the biometric
> word list described by PRZ , and listed in the end of the
> pgp documentation, where there are 256 clearly enunciatable words,
> each representing one of the 256 ascii characters,
Thanks, I didn't notice there was such a list in the documentation!
> pgp can easily and quickly switch between the hexadecimal
> representation of a key fingerprint, to its biometric word pattern,
> and back again,
> so the transformation algorithm must exist someplace,
>
> but this may not be the 'easily and reliably' you are looking for,
I think you're right about this, considering the data re-entry part it
really wouldn't be as good as I thought in word form. Maybe I'll do some
experiments with series of numbers to see if I can devise a method that's
not too hard to do manually, but is still space-efficient.
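
An added example, not part of the original post and not code from PGP: one way to lay out a "series of numbers" printout, as grouped hex with a line number and a per-line CRC-16 so that a retyping mistake is pinned to a single line. The layout, the function names and the sample bytes are assumptions made for illustration.

```python
import binascii

BYTES_PER_LINE = 16  # printed as 8 groups of 4 hex digits


def line_check(number, chunk):
    """CRC-16 over the line number plus its data, so misordered lines also fail."""
    return binascii.crc_hqx(number.to_bytes(2, "big") + chunk, 0xFFFF)


def encode(data):
    """Turn binary data into printable lines: 'NNN: XXXX XXXX ... / CCCC'."""
    lines = []
    for number, off in enumerate(range(0, len(data), BYTES_PER_LINE), start=1):
        chunk = data[off:off + BYTES_PER_LINE]
        digits = chunk.hex().upper()
        groups = " ".join(digits[i:i + 4] for i in range(0, len(digits), 4))
        lines.append(f"{number:3d}: {groups} / {line_check(number, chunk):04X}")
    return lines


def decode(lines):
    """Return (recovered bytes, list of line numbers that failed their check)."""
    data, bad = bytearray(), []
    for expected, line in enumerate(lines, start=1):
        try:
            number, rest = line.split(":", 1)
            body, check = rest.rsplit("/", 1)
            chunk = bytes.fromhex(body.replace(" ", ""))
            ok = (int(number) == expected
                  and line_check(expected, chunk) == int(check, 16))
        except ValueError:  # missing separator, odd digit count, non-hex character
            ok = False
        if ok:
            data += chunk
        else:
            bad.append(expected)
    return bytes(data), bad


if __name__ == "__main__":
    sample = bytes(range(40))  # constructed sample bytes, not key material
    printed = encode(sample)
    print("\n".join(printed))
    printed[1] = printed[1].replace("1011", "1911", 1)  # simulate one mistyped digit
    print("lines to re-check:", decode(printed)[1])
```

Only the lines reported as bad need to be compared against the paper again; the rest of the entry is kept.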
-
Re: Human-readable key format suitable for hard copies?
Jem Berkes wrote:
>>something similar to what you are describing, might be the biometric
>>word list described by PRZ , and listed in the end of the
>>pgp documentation, where there are 256 clearly enunciatable words,
>>each representing one of the 256 ascii characters,
>
>
> Thanks, I didn't notice there was such a list in the documentation!
>
>
>>pgp can easily and quickly switch between the hexadecimal
>>representation of a key fingerprint, to its biometric word pattern,
>>and back again,
>>so the transformation algorithm must exist someplace,
>>
>>but this may not be the 'easily and reliably' you are looking for,
>
>
> I think you're right about this, considering the data re-entry part it
> really wouldn't be as good as I thought in word form. Maybe I'll do some
> experiments with series of numbers to see if I can devise a method that's
> not too hard to do manually, but is still space-efficient.
Note that there is a very small part of the "key" that you need to save.
If you can print out just the secret key material, you can reconstruct
the OpenPGP data structures automatically.
David
-
Re: Human-readable key format suitable for hard copies?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
"David Shaw" wrote in message
news:bk63br$c0e$1@foobar.cs.jhu.edu...
[...]
> Note that there is a very small part of the "key" that you need to save.
> If you can print out just the secret key material, you can reconstruct
> the OpenPGP data structures automatically.
is there a way of knowing which part of the ascii armor of the private key
this is?
(or more accurately,
which is the 'essential' part of the key, and that part can then just be
'armored' and printed out)
also,
how is the data restorable into a useable key, once this is known?
tia,
vedaal
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: { Acts of Kindness better the World, and protect the Soul }
Comment: KeyID: 0x6A05A0B785306D25
Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA
-----END PGP SIGNATURE-----
-
Re: Human-readable key format suitable for hard copies?
vedaal wrote:
>> Note that there is a very small part of the "key" that you need to save.
>> If you can print out just the secret key material, you can reconstruct
>> the OpenPGP data structures automatically.
>
> is there a way of knowing which part of the ascii armor of the private key
> this is?
> (or more accurately,
> which is the 'essential' part of the key, and that part can then just be
> 'armored' and printed out)
RFC-2440. You only need the actual key material, unencrypted. For
DSA or Elgamal, that's one (large) number.
> how is the data restorable into a useable key, once this is known?
Just fill in the blanks. You know the key type, so fill that in, it
isn't encrypted, so you can fill that part in, etc.
Once this is all done, you have a secret key packet. Join it with the
public key packets (which never seem to get lost since the keyservers
keep them forever), and you've reconstructed your key.
David
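
An added example, not part of the original posts and not code from PGP or GnuPG: a sketch of the "fill in the blanks" idea for the body of an unencrypted version 4 secret-key packet as laid out in RFC 2440, showing how few bytes are secret and how the body is rebuilt from the public fields plus those bytes. The function names and the toy DSA numbers are assumptions constructed for illustration.

```python
import struct

# RFC 2440 MPI counts by public-key algorithm id (1 = RSA, 16 = Elgamal, 17 = DSA).
PUBLIC_MPIS = {1: 2, 16: 3, 17: 4}
SECRET_MPIS = {1: 4, 16: 1, 17: 1}


def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then the bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def skip_mpis(buf, pos, count):
    """Return the offset just past `count` MPIs starting at `pos`."""
    for _ in range(count):
        (bits,) = struct.unpack_from(">H", buf, pos)
        pos += 2 + (bits + 7) // 8
        if pos > len(buf):
            raise ValueError("truncated MPI")
    return pos


def split_secret_key_body(body):
    """Split an unencrypted v4 secret-key packet body into (public part, secret MPIs)."""
    version, _created, algo = struct.unpack_from(">BIB", body, 0)
    if version != 4 or algo not in PUBLIC_MPIS:
        raise ValueError("unsupported version or algorithm")
    pub_end = skip_mpis(body, 6, PUBLIC_MPIS[algo])
    if body[pub_end] != 0:  # string-to-key usage octet: 0 means not encrypted
        raise ValueError("secret material is passphrase-protected")
    sec_end = skip_mpis(body, pub_end + 1, SECRET_MPIS[algo])
    secret = body[pub_end + 1:sec_end]
    (checksum,) = struct.unpack_from(">H", body, sec_end)
    if checksum != sum(secret) & 0xFFFF:
        raise ValueError("checksum mismatch")
    return body[:pub_end], secret


def rebuild(public_part, secret):
    """Public fields + usage octet 0 + secret MPIs + 16-bit sum checksum."""
    return public_part + b"\x00" + secret + struct.pack(">H", sum(secret) & 0xFFFF)


# Constructed toy DSA values (far too small for a real key): p, q, g, y public; x secret.
P, Q, G, Y, X = 0xC5A3, 0xE9, 0x1F4B, 0x7A21, 0x5D
SAMPLE = (struct.pack(">BIB", 4, 0x3F650000, 17) + mpi(P) + mpi(Q) + mpi(G) + mpi(Y)
          + b"\x00" + mpi(X) + struct.pack(">H", sum(mpi(X))))

if __name__ == "__main__":
    public_part, secret = split_secret_key_body(SAMPLE)
    print(f"body {len(SAMPLE)} bytes, secret part {len(secret)} bytes: {secret.hex()}")
```

The public part returned here has the same fields as the body of the matching public key packet, which is why a copy fetched from a keyserver can supply it.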