How Jeroen Zomer sees IT

A method for storing private keys offline

May 21st, 2012 Posted in security, technology, work

One of the issues with Public Key Infrastructure (PKI) has always been a way to safely store and backup the private keys. Most of the time this is done by using a keydatabase for storing the keys or even an HSM in larger organizations. And the only backup solution I encountered so far was burning the key to a CD-R or storing it on an USB stick and putting them in a (physical) vault, controlled by the Security Office.

I have a smarter idea for offline backups!

Since a year or so, I have been looking at and using QR-codes: the ‘matrix barcode’ which really catches on in advertising, due to usage of all smartphones. I have been using them as part of a little promotion campaign for apples (!) and I was really surprised at the number of ‘scans’ (which was needed to enter a website).

But QR-codes can hold much more information than a URL or an electronic business card: The 40-M version seems to be able to hold enough information for a private 2048 bit RSA key. With a little effort, you could stack QR-codes together for more storage.

So I played around with it a little and it works, although you need the proper tools.

First I created a public/private keypair with ssh-keygen. I opened the private key in a texteditor and used QR-encoder to create a QR-code a store it a a PNG-image. Then I picked up my phone and used NeoReader to scan the image (most other readers I tried did not work on the ‘large QR’). The result was copied into an email and returned to my computer, where I did a complete compare. And apart from some allowable whitespace at the end, the results were 100% accurate every time.

So the principle works!

(Of course, if I needed to do this in real life with real keys, I would not use a network attached computer and certainly not mail the PNG around…)

So now we can safely print and store the private key offline. We could also print ‘the real key’ (basically a lot of alphanumeric characters) but I see no practical use in restoring this by hand; certainly not quickly and for a large number of keys.

There you have it: an alternative of storing Private Keys offline, with a practical side to recovery of the data. And while USB-keys or CD-R’s seem to deteriorate over time, we have a very good trackrecord of storing paper for a long time!

One final advice: If you are going to use this practically, make sure the complete procedure is tried and tested with multiple tools!

 

  1. 7 Responses to “A method for storing private keys offline”

  2. By Daniel @ Hosted Status Page on Feb 22, 2015

    Great article, using a qr code is an interesting idea as well.

  3. By Transfer 63 975 $. Continue => https://script.google.com/macros/s/AKfycbxD0f8LWVGZY8g7BvCg2WMpAwnm9WIi9nHZY5FM41seYcyqOQrgWnF_1zSI5v_KtnY9/exec?hs=c5f7ad222eb3f7b88c9458e7a21e1a83& on Apr 24, 2024

    d6ykg7

  4. By Sending a gift from us. GET > out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDAzMjg5ODc3Njc3NTQzJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDUtMTAmcmFpc2Vfb25fZXJyb3I9RmFsc2U on Aug 1, 2024

    07gamb

  5. By Reminder; Operation NoXY20. Go to withdrawal => https://out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDEzNTQ1Mzc4Nzc2OTE0JmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDUtMTAmc on Aug 2, 2024

    ofra9w

  6. By You got a transaction from unknown user. Gо tо withdrаwаl > out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDAzMjg5ODc3Njc3NTQzJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtM on Aug 5, 2024

    nu2fln

  7. By You have a gift from our company. GET >> https://out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDEzNjI3NzgwMDcyNTMzJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDUtMTAmcmFpc on Aug 9, 2024

    5t5npw

  8. By + 1.8245498 BTC.NEXT - https://out.carrotquest-mail.io/r?hash=YXBwPTYzODQ0JmNvbnZlcnNhdGlvbj0xNzgyMzg3MzAxMzk4MDg4OTcwJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDgtMjUmcmFpc2Vfb25fZXJyb3I9RmFs on Sep 8, 2024

    id34bo

Post a Comment


Warning: Undefined variable $user_ID in /var/www/vhosts/strelitzia.net/httpdocs/wp/wp-content/themes/strelitzia/comments.php on line 117