This is the command paperkey that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
paperkey - extract secret information out of OpenPGP secret keys
SYNOPSIS
paperkey [--secret-key=FILE] [--output=FILE] [--output-type=base16|raw]
[--output-width=WIDTH]
paperkey --pubring=FILE [--secrets=FILE] [--input-type=auto|base16|raw] [--output=FILE]
[--ignore-crc-error] [--comment=STRING] [--file-format]
paperkey --version
MOTIVATION
As with all data, secret keys should be backed up. In fact, secret keys should be backed
up even better than other data, because they are impossible to recreate should they ever
be lost. All files encrypted to lost keys are forever (or at least for a long time)
undecipherable. In addition to keeping backups of secret key information on digital media
such as USB-sticks or CDs it is reasonable to keep an if-all-else-fails copy on plain old
paper, for use should your digital media ever become unreadable for whatever reason.
Stored properly, paper is able to keep information for several decades or longer.
With GnuPG, PGP, or other OpenPGP implementations the secret key usually contains a lot
more than just the secret numbers that are important. They also hold all the public
values of key pairs, user ids, expiration times and more. In order to minimize the
information that has to be entered manually or with the help of OCR software, paperkey
extracts just the secret information out of OpenPGP secret keys. For recovering a secret
key it is assumed that the public key is still available, for instance from public
Internet keyservers.
DESCRIPTION
paperkey has two modes of operation:
The first mode creates "paperkeys" by extracting just the secret information from a secret
key, formatting the data in a way suitable for printing or in a raw mode for further
processing.
The other mode rebuilds secret keys from such a paperkey and a copy of the public key,
also verifying the checksums embedded in the paperkey. This mode is selected when the
--pubring option is used, which is required in that case. If a passphrase was set on the
original secret key, the same passphrase is set on the rebuilt key.
Input is read from standard-in except when the --secret-key or --secrets option is used;
output is printed to standard-out, unless changed with the --output option.
SECURITY CONSIDERATIONS
Please note that paperkey does not change the protection and encryption status of and
security requirements for storing your secret key. If the secret key was protected by a
passphrase so is the paperkey. If the secret key was unprotected the paperkey will not be
protected either.
OPTIONS
--help, -h Display a short help message and exit successfully.
--version, -V
Print version information and copyright information and exit successfully.
--verbose, -v
Print status and progress information to standard-error while processing the input.
Repeat for even more output.
--output=FILE, -o
Redirect output to the file given instead of printing to standard-output.
--comment=STRING
Include the specified comment in the base16 output.
--file-format
Paperkey automatically includes the file format it uses as comments at the top of
the base16 output. This command simply prints out the file format and exits
successfully.
OPTIONS FOR EXTRACTING SECRET INFORMATION
--output-type=base16, --output-type=raw
Select the output type. The base16 style encodes the information in the style of a
classic hex-dump, including line numbers and per-line CRC checksums to facilitate
localizing errors in the input file during the recovery phase. The raw, or binary,
mode is just a raw dump of the secret information, intended for feeding to barcode
generators or the like.
--output-width=WIDTH
Choose line width in the base16 output mode. The default is 78 characters.
--secret-key=FILE
File to read the secret key from. If this option is not given paperkey reads from
standard-input.
OPTIONS FOR RE-CREATING PRIVATE KEYS
--input-type=auto, --input-type=base16, --input-type=raw
Specify that the given input is either in base16 format, as produced by paperkey,
or in raw format. The default, auto, tries to automatically detect the format in
use.
--pubring=FILE
File to read public key information from. It is assumed that the user can get the
public key from sources like public Internet keyservers.
--secrets=FILE
File to read the extracted secrets, the paperkey, from. If this is not given then
the information is read from standard-input.
--ignore-crc-error
Do not reject corrupt input and continue despite any CRC errors.
EXAMPLES
Take the secret key in key.gpg and generate a text file to-be-printed.txt that contains
the secret data:
$ paperkey --secret-key my-secret-key.gpg --output to-be-printed.txt
Take the secret key data in my-key-text-file.txt and combine it with my-public-key.gpg to
reconstruct my-secret-key.gpg:
$ paperkey --pubring my-public-key.gpg --secrets my-key-text-file.txt --output
my-secret-key.gpg
If --output is not specified, the output goes to stdout. If --secret-key is not
specified, the data is read from stdin so you can do things like:
$ gpg --export-secret-key my-key | paperkey | lpr
Use paperkey online using onworks.net services
