[4mPAPERKEY[24m(1)                 General Commands Manual                [4mPAPERKEY[24m(1)

[1mNAME[0m
       paperkey - extract secret information out of OpenPGP secret keys

[1mSYNOPSIS[0m
       [1mpaperkey [22m[[1m--secret-key=[4m[22mFILE[24m] [[1m--output=[4m[22mFILE[24m] [[1m--output-type=base16[22m|[1mraw[22m]
       [[1m--output-width=[4m[22mWIDTH[24m]

       [1mpaperkey --pubring=[4m[22mFILE[24m [[1m--secrets=[4m[22mFILE[24m] [[1m--input-type=auto[22m|[1mbase16[22m|[1mraw[22m]
       [[1m--output=[4m[22mFILE[24m] [[1m--ignore-crc-error[22m] [[1m--comment=[4m[22mSTRING[24m] [[1m--file-format[22m]

       [1mpaperkey --version[0m

[1mMOTIVATION[0m
       As  with  all  data,  secret keys should be backed up.  In fact, secret
       keys should be backed up even better than other data, because they  are
       impossible  to  recreate should they ever be lost.  All files encrypted
       to lost keys are forever (or at least for a long time)  undecipherable.
       In addition to keeping backups of secret key information on digital me-
       dia  such as USB-sticks or CDs it is reasonable to keep an if-all-else-
       fails copy on plain old paper, for use should your digital  media  ever
       become  unreadable for whatever reason.  Stored properly, paper is able
       to keep information for several decades or longer.

       With GnuPG, PGP, or other OpenPGP implementations the secret  key  usu-
       ally  contains  a lot more than just the secret numbers that are impor-
       tant.  They also hold all the public values of key pairs, user ids, ex-
       piration times and more.  In order to minimize the information that has
       to be entered manually or with the help of  OCR,  QR  code  or  similar
       software,  [1mpaperkey [22mextracts just the secret information out of OpenPGP
       secret keys.  For recovering a secret key it is assumed that the public
       key is still available, for instance from public Internet keyservers.

[1mDESCRIPTION[0m
       [1mpaperkey [22mhas two modes of operation:

       The first mode creates "paperkeys" by extracting just the secret infor-
       mation from a secret key, formatting the data in  a  way  suitable  for
       printing or in a raw mode for further processing.

       The  other mode rebuilds secret keys from such a paperkey and a copy of
       the public key, also verifying the checksums embedded in the  paperkey.
       This  mode  is selected when the [1m--pubring [22moption is used, which is re-
       quired in that case.  If a passphrase was set on  the  original  secret
       key, the same passphrase is set on the rebuilt key.

       Input  is  read  from standard-in except when the [1m--secret-key [22mor [1m--se-[0m
       [1mcrets [22moption is used; output is printed to standard-out, unless changed
       with the [1m--output [22moption.

[1mSECURITY CONSIDERATIONS[0m
       Please note that [1mpaperkey [22mdoes not change the protection and encryption
       status of and security requirements for storing your secret key. If the
       secret key was protected by a passphrase so is the  paperkey.   If  the
       secret key was unprotected the paperkey will not be protected either.

[1mOPTIONS[0m
       [1m--help[22m, [1m-h [22mDisplay a short help message and exit successfully.

       [1m--version[22m, [1m-V[0m
              Print  version  information  and  copyright information and exit
              successfully.

       [1m--verbose[22m, [1m-v[0m
              Print status and progress information  to  standard-error  while
              processing the input.  Repeat for even more output.

       [1m--output=[4m[22mFILE[24m, [1m-o[0m
              Redirect  output  to the file given instead of printing to stan-
              dard-output.

       [1m--comment=[4m[22mSTRING[0m
              Include the specified comment in the base16 output.

       [1m--file-format[0m
              Paperkey automatically includes the file format it uses as  com-
              ments  at  the  top  of  the base16 output.  This command simply
              prints out the file format and exits successfully.

[1mOPTIONS FOR EXTRACTING SECRET INFORMATION[0m
       [1m--output-type=base16[22m, [1m--output-type=raw[0m
              Select the output type.  The base16 style encodes  the  informa-
              tion  in the style of a classic hex-dump, including line numbers
              and per-line CRC checksums to facilitate  localizing  errors  in
              the  input  file during the recovery phase.  The raw, or binary,
              mode is just a raw dump of the secret information, intended  for
              feeding to barcode generators or the like.

       [1m--output-width=[4m[22mWIDTH[0m
              Choose  line width in the base16 output mode.  The default is 78
              characters.

       [1m--secret-key=[4m[22mFILE[0m
              File to read the secret key from.  If this option is  not  given
              [1mpaperkey [22mreads from standard-input.

[1mOPTIONS FOR RE-CREATING PRIVATE KEYS[0m
       [1m--input-type=auto[22m, [1m--input-type=base16[22m, [1m--input-type=raw[0m
              Specify that the given input is either in base16 format, as pro-
              duced  by  [1mpaperkey[22m, or in raw format.  The default, auto, tries
              to automatically detect the format in use.

       [1m--pubring=[4m[22mFILE[0m
              File to read public key information from.  It  is  assumed  that
              the  user can get the public key from sources like public Inter-
              net keyservers.

       [1m--secrets=[4m[22mFILE[0m
              File to read the extracted secrets, the paperkey, from.  If this
              is not given then the information is read from standard-input.

       [1m--ignore-crc-error[0m
              Do not reject corrupt input and continue despite any CRC errors.

[1mEXAMPLES[0m
       Take  the  secret  key  in   key.gpg   and   generate   a   text   file
       to-be-printed.txt that contains the secret data:

       [1m$ paperkey --secret-key my-secret-key.gpg --output to-be-printed.txt[0m

       Take  the  secret  key data in my-key-text-file.txt and combine it with
       my-public-key.gpg to reconstruct my-secret-key.gpg:

       [1m$ paperkey --pubring my-public-key.gpg  --secrets  my-key-text-file.txt[0m
       [1m--output my-secret-key.gpg[0m

       If  --output  is  not  specified,  the output goes to stdout.  If --se-
       cret-key is not specified, the data is read from stdin so  you  can  do
       things like:

       [1m$ gpg --export-secret-key my-key | paperkey | lpr[0m

[1mSEE ALSO[0m
       [1mgpg[22m(1), [1mhttp://www.jabberwocky.com/software/paperkey/[0m

[1mAUTHORS[0m
       [1mpaperkey [22mis written by David Shaw <dshaw@jabberwocky.com>.

PAPERKEY                           June 2012                       [4mPAPERKEY[24m(1)