NAME

       paperkey - extract secret information out of OpenPGP secret keys

SYNOPSIS

       paperkey        [--secret-key=FILE]       [--output=FILE]       [--output-type=base16|raw]
       [--output-width=WIDTH]

       paperkey --pubring=FILE  [--secrets=FILE]  [--input-type=auto|base16|raw]  [--output=FILE]
       [--ignore-crc-error] [--comment=STRING] [--file-format]

       paperkey --version

MOTIVATION

       As  with all data, secret keys should be backed up.  In fact, secret keys should be backed
       up even better than other data, because they are impossible to recreate should  they  ever
       be  lost.   All  files  encrypted  to  lost keys are forever (or at least for a long time)
       undecipherable.  In addition to keeping backups of secret key information on digital media
       such  as USB-sticks or CDs it is reasonable to keep an if-all-else-fails copy on plain old
       paper, for use should your digital media  ever  become  unreadable  for  whatever  reason.
       Stored properly, paper is able to keep information for several decades or longer.

       With  GnuPG,  PGP,  or other OpenPGP implementations the secret key usually contains a lot
       more than just the secret numbers that are important.   They  also  hold  all  the  public
       values  of  key  pairs,  user  ids,  expiration  times and more.  In order to minimize the
       information that has to be entered manually or with the help  of  OCR  software,  paperkey
       extracts  just the secret information out of OpenPGP secret keys.  For recovering a secret
       key it is assumed that the public  key  is  still  available,  for  instance  from  public
       Internet keyservers.

DESCRIPTION

       paperkey has two modes of operation:

       The first mode creates "paperkeys" by extracting just the secret information from a secret
       key, formatting the data in a way suitable for printing or  in  a  raw  mode  for  further
       processing.

       The  other  mode  rebuilds  secret keys from such a paperkey and a copy of the public key,
       also verifying the checksums embedded in the paperkey.  This mode  is  selected  when  the
       --pubring  option is used, which is required in that case.  If a passphrase was set on the
       original secret key, the same passphrase is set on the rebuilt key.

       Input is read from standard-in except when the --secret-key or --secrets option  is  used;
       output is printed to standard-out, unless changed with the --output option.

SECURITY CONSIDERATIONS

       Please  note  that  paperkey  does  not change the protection and encryption status of and
       security requirements for storing your secret key. If the secret key was  protected  by  a
       passphrase so is the paperkey.  If the secret key was unprotected the paperkey will not be
       protected either.

OPTIONS

       --help, -h Display a short help message and exit successfully.

       --version, -V
              Print version information and copyright information and exit successfully.

       --verbose, -v
              Print status and progress information to standard-error while processing the input.
              Repeat for even more output.

       --output=FILE, -o
              Redirect output to the file given instead of printing to standard-output.

       --comment=STRING
              Include the specified comment in the base16 output.

       --file-format
              Paperkey  automatically  includes the file format it uses as comments at the top of
              the base16 output.  This command simply  prints  out  the  file  format  and  exits
              successfully.

OPTIONS FOR EXTRACTING SECRET INFORMATION

       --output-type=base16, --output-type=raw
              Select the output type.  The base16 style encodes the information in the style of a
              classic hex-dump, including line numbers and per-line CRC checksums  to  facilitate
              localizing errors in the input file during the recovery phase.  The raw, or binary,
              mode is just a raw dump of the secret information, intended for feeding to  barcode
              generators or the like.

       --output-width=WIDTH
              Choose line width in the base16 output mode.  The default is 78 characters.

       --secret-key=FILE
              File  to read the secret key from.  If this option is not given paperkey reads from
              standard-input.

OPTIONS FOR RE-CREATING PRIVATE KEYS

       --input-type=auto, --input-type=base16, --input-type=raw
              Specify that the given input is either in base16 format, as produced  by  paperkey,
              or  in  raw format.  The default, auto, tries to automatically detect the format in
              use.

       --pubring=FILE
              File to read public key information from.  It is assumed that the user can get  the
              public key from sources like public Internet keyservers.

       --secrets=FILE
              File  to read the extracted secrets, the paperkey, from.  If this is not given then
              the information is read from standard-input.

       --ignore-crc-error
              Do not reject corrupt input and continue despite any CRC errors.

EXAMPLES

       Take the secret key in key.gpg and generate a text file  to-be-printed.txt  that  contains
       the secret data:

       $ paperkey --secret-key my-secret-key.gpg --output to-be-printed.txt

       Take  the secret key data in my-key-text-file.txt and combine it with my-public-key.gpg to
       reconstruct my-secret-key.gpg:

       $   paperkey   --pubring   my-public-key.gpg   --secrets   my-key-text-file.txt   --output
       my-secret-key.gpg

       If  --output  is  not  specified,  the  output  goes  to  stdout.   If --secret-key is not
       specified, the data is read from stdin so you can do things like:

       $ gpg --export-secret-key my-key | paperkey | lpr

SEE ALSO

       gpg(1), http://www.jabberwocky.com/software/paperkey/

AUTHORS

       paperkey is written by David Shaw <dshaw@jabberwocky.com>.