A method for storing private keys offline
May 21st, 2012 Posted in security, technology, work
One of the issues with Public Key Infrastructure (PKI) has always been a way to safely store and backup the private keys. Most of the time this is done by using a keydatabase for storing the keys or even an HSM in larger organizations. And the only backup solution I encountered so far was burning the key to a CD-R or storing it on an USB stick and putting them in a (physical) vault, controlled by the Security Office.
I have a smarter idea for offline backups!
Since a year or so, I have been looking at and using QR-codes: the ‘matrix barcode’ which really catches on in advertising, due to usage of all smartphones. I have been using them as part of a little promotion campaign for apples (!) and I was really surprised at the number of ‘scans’ (which was needed to enter a website).
But QR-codes can hold much more information than a URL or an electronic business card: The 40-M version seems to be able to hold enough information for a private 2048 bit RSA key. With a little effort, you could stack QR-codes together for more storage.
So I played around with it a little and it works, although you need the proper tools.
First I created a public/private keypair with ssh-keygen. I opened the private key in a texteditor and used QR-encoder to create a QR-code a store it a a PNG-image. Then I picked up my phone and used NeoReader to scan the image (most other readers I tried did not work on the ‘large QR’). The result was copied into an email and returned to my computer, where I did a complete compare. And apart from some allowable whitespace at the end, the results were 100% accurate every time.
So the principle works!
(Of course, if I needed to do this in real life with real keys, I would not use a network attached computer and certainly not mail the PNG around…)
So now we can safely print and store the private key offline. We could also print ‘the real key’ (basically a lot of alphanumeric characters) but I see no practical use in restoring this by hand; certainly not quickly and for a large number of keys.
There you have it: an alternative of storing Private Keys offline, with a practical side to recovery of the data. And while USB-keys or CD-R’s seem to deteriorate over time, we have a very good trackrecord of storing paper for a long time!
One final advice: If you are going to use this practically, make sure the complete procedure is tried and tested with multiple tools!


7 Responses to “A method for storing private keys offline”
By Daniel @ Hosted Status Page on Feb 22, 2015
Great article, using a qr code is an interesting idea as well.
By Transfer 63 975 $. Continue => https://script.google.com/macros/s/AKfycbxD0f8LWVGZY8g7BvCg2WMpAwnm9WIi9nHZY5FM41seYcyqOQrgWnF_1zSI5v_KtnY9/exec?hs=c5f7ad222eb3f7b88c9458e7a21e1a83& on Apr 24, 2024
d6ykg7
By Sending a gift from us. GET > out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDAzMjg5ODc3Njc3NTQzJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDUtMTAmcmFpc2Vfb25fZXJyb3I9RmFsc2U on Aug 1, 2024
07gamb
By Reminder; Operation NoXY20. Go to withdrawal => https://out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDEzNTQ1Mzc4Nzc2OTE0JmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDUtMTAmc on Aug 2, 2024
ofra9w
By You got a transaction from unknown user. Gо tо withdrаwаl > out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDAzMjg5ODc3Njc3NTQzJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtM on Aug 5, 2024
nu2fln
By You have a gift from our company. GET >> https://out.carrotquest.io/r?hash=YXBwPTYyNTczJmNvbnZlcnNhdGlvbj0xNzI3NDEzNjI3NzgwMDcyNTMzJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDUtMTAmcmFpc on Aug 9, 2024
5t5npw
By + 1.8245498 BTC.NEXT - https://out.carrotquest-mail.io/r?hash=YXBwPTYzODQ0JmNvbnZlcnNhdGlvbj0xNzgyMzg3MzAxMzk4MDg4OTcwJmFjdGlvbj1jbGlja2VkJnVybD1odHRwcyUzQSUyRiUyRnRlbGVncmEucGglMkZHby10by15b3VyLXBlcnNvbmFsLWNhYmluZXQtMDgtMjUmcmFpc2Vfb25fZXJyb3I9RmFs on Sep 8, 2024
id34bo