Use QR codes to save paper backups of your private keys

Jacob Allred
#linux #web-dev

I love QR codes. They make it incredibly easy to get chunks of text from paper to computer (or phone or whatever).

One of the ways I like to use them is to store offline, paper backups of my server private keys. A private key can be thousands of case-sensitive characters long. Nobody wants to type that in by hand. By creating a QR code, I can print it off and store it in my safe in case I need it.

But QR codes are awful!

Although I love QR codes, using them isn’t always pleasant. Most marketers suck at using QR codes: they randomly place them on products without context, link them to non-mobile websites or just their company homepage, or print them ultra tiny while including massive amounts of data.

This doesn’t mean QR codes suck, it just means people use them poorly. Blame the users, not the technology.

Private key backups

The first step is to create your private key. I like long 4096-bit keys, and I tend to create them using the PuTTY Key Generator. Use whatever you want; it doesn't really matter.

Next, you need some QR code generating software. You could do this online, but then you are giving your private key to a random stranger on the internet. I use QR-Code Studio, not because it is particularly awesome but because it was the first easy-to-use, free QR code software I stumbled upon.

Paste the text of your key into the input box in QR-Code Studio. Change the width/height to something large like 8 inches (the software will likely scale this down a bit).

You can optionally add a caption. I like to add the filename of the original key above the QR code.

Export the barcode to a PNG and print it. Get your phone out and make sure you can scan it. One of the most important rules of backups is to make sure your backup actually works.

Example QR code
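Two things bite in practice: a 4096-bit key in text form is long enough that a single QR code becomes dense and hard to scan, and "make sure your backup actually works" means checking the restored key byte for byte, not just that the phone reads something. The script below is an added example, not code from the post or from QR-Code Studio: it splits a key file into QR-sized chunks, stamps each chunk with its position and the SHA-256 of the whole key, and verifies the reassembly. The chunk size and the JSON payload layout are my own choices; rendering uses the third-party `qrcode` package, which only the last function needs.

```python
import base64
import hashlib
import json

# Assumption: 1000-byte chunks scan reliably from paper; a version-40 QR at error-correction M holds 2331 bytes.
CHUNK_BYTES = 1000

def split_key(key_bytes: bytes, chunk_bytes: int = CHUNK_BYTES) -> list:
    """One JSON payload per QR symbol: index, count, SHA-256 of the whole
    key, and the chunk base64-encoded so the QR stays printable text."""
    digest = hashlib.sha256(key_bytes).hexdigest()
    pieces = [key_bytes[i:i + chunk_bytes] for i in range(0, len(key_bytes), chunk_bytes)]
    return [json.dumps({"i": n, "n": len(pieces), "sha256": digest,
                        "data": base64.b64encode(p).decode("ascii")},
                       separators=(",", ":"))
            for n, p in enumerate(pieces, start=1)]

def join_key(payloads) -> bytes:
    """Reassemble scanned payloads (any order) and verify the end-to-end hash.
    Raises ValueError if chunks are missing, duplicated, mixed up or corrupt."""
    records = [json.loads(p) for p in payloads]
    if not records:
        raise ValueError("no chunks scanned")
    total, digest = records[0]["n"], records[0]["sha256"]
    if any(r["n"] != total or r["sha256"] != digest for r in records):
        raise ValueError("chunks belong to different backups")
    by_index = {r["i"]: r["data"] for r in records}
    if len(records) != total or sorted(by_index) != list(range(1, total + 1)):
        raise ValueError("missing or duplicated chunks")
    key = b"".join(base64.b64decode(by_index[i]) for i in range(1, total + 1))
    if hashlib.sha256(key).hexdigest() != digest:
        raise ValueError("checksum mismatch: the reassembled key is corrupt")
    return key

def write_qr_pngs(payloads, prefix="key-backup"):
    """Render one PNG per chunk with the third-party `qrcode` package
    (pip install "qrcode[pil]"); imported here so split/join need nothing extra."""
    import qrcode
    for n, text in enumerate(payloads, start=1):
        qr = qrcode.QRCode(error_correction=qrcode.constants.ERROR_CORRECT_M, box_size=8)
        qr.add_data(text)
        qr.make(fit=True)
        qr.make_image().save(f"{prefix}-{n}-of-{len(payloads)}.png")

if __name__ == "__main__":
    # Constructed stand-in for a key file; for a real backup read it with open(path, "rb")
    sample = b"-----BEGIN PLACEHOLDER-----\n" + b"A" * 2500 + b"\n-----END PLACEHOLDER-----\n"
    chunks = split_key(sample)
    assert join_key(reversed(chunks)) == sample  # backup round-trips before printing
```

Run it on an offline machine, and after printing, scan every symbol back and feed the scanned text to `join_key` so the checksum proves the paper copy restores the exact key.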

Why not a thumb drive, Dropbox, CD, etc?

My private keys are literally the keys to my business. They get me into everything that matters. I don’t want anyone having access to my keys but me, and I absolutely must have a backup.

Your files at Dropbox are not absolutely private and secure, and even less so if you use third-party apps. Thumb drives and CDs have limited lifespans (as short as 1.9 years in some tests), and it is hard to know when they will fail. If my house burns down, my external hard drive isn't going to do me any good.

So that brings us to paper. I print on quality paper using a black and white laser printer. I’ve been unable to find any authoritative source to tell me how long laser prints will last. I suspect decades is a conservative estimate, especially stored in a fireproof safe.