OpenPGP Paper Backup


I’ve been using OpenPGP through GnuPG since the early 2000s. It’s an essential part of a Debian Developer’s workflow. We use it regularly to authenticate package uploads and votes. Proper backups of that key are really important.

Up until recently, the only reliable option for me was backing up a tarball of my ~/.gnupg offline on a set of a few flash drives. This approach is better than nothing, but it’s not nearly as reliable as I’d like it to be. The main reason is that data on a flash drive degrades over time. You have to remember to periodically plug the flash drive into your computer’s USB port because the electric charge that represents your data wears off with time. I always wanted a more durable medium that I could store both at home and in a safety deposit box.

paperkey

I tried using paperkey, which in itself is a great tool, but I wasn’t able to find an open-source OCR that would work alongside it.

With paperkey you prepare a text file that you’re supposed to print on paper. When recovering the backup, you’re supposed to scan the printout and use OCR to recover the text file.

I failed to find an open-source OCR system that would be able to recover the text file. I’ve experimented with Tesseract quite extensively. It works well with plain English but fails when it’s supposed to recognize a text file composed mostly of hexadecimal numbers, which paperkey spits out. Well, that didn’t work well.

After chatting with Otto, I decided to go with his idea and implement the backup solution myself using QR codes instead of plain files.

openpgp-paper-backup

I also used this need as an opportunity to learn a little Rust. openpgp-paper-backup is a Cargo crate, which makes it easy to compile locally. I’ve also, however, packaged it as a Snap.

If you’re in need of a similar CLI tool, please give it a go. You’ll find instructions in the form of a tutorial on how to use it on the project’s home page. If you do give it a try, I’d appreciate your feedback. :)