Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Producing printable QR codes for persistent storage of GPG private keys
# Heavily depends on:
# libqrencode (fukuchi.org/works/qrencode/)
# paperkey (jabberwocky.com/software/paperkey/)
# zbar (zbar.sourceforge.net)
# Producing the QR codes:
# Split over 4 codes to ensure the data per image is not too large.
gpg --export-secret-key KEYIDGOESHERE | paperkey --output-type raw | base64 > temp
split temp -n 4 IMG
for f in IMG*; do cat $f | qrencode -o $f.png; done
# Importing the QR codes:
# Note that, when making scans or photographs, you do not produce large images.
# If zbar does not recognise your QR code, try downscaling the image.
for f in IMG*.png; do zbarimg --raw $f | head -c -1 > $f.out ; done
cat *.out | base64 -d | paperkey --pubring ~/.gnupg/pubring.gpg | gpg --import
@jgogstad
Copy link

jgogstad commented Aug 25, 2018

What's the reason for passing the output from zbarimg through head -c -1? What's up with the last byte? Is it for dropping newlines?

Edit: Yes it is

@elquimista
Copy link

elquimista commented Nov 12, 2018

head -c -1 should be just head (without any args) in macOS.

@ShmuelLevine
Copy link

ShmuelLevine commented Sep 19, 2019

@stueja - This was extremely helpful. The only real suggestion I have is in the following section:

### CONVERT TEXT KEYS TO PNG FOR PAGE GENERATION
# Ref: http://www.imagemagick.org/script/command-line-options.php#family
echo "Converting textual key parts to png:"
for f in x*.txt; do convert -family Courier $f txt-$f.png; done

it would be preferable to append TEXT: to the input filename to ensure that imagemagick properly reads the file as a text file. Otherwise, it may not accept the input file, since, by default, .txt files are not interpreted as raw text (at least in the version running on my machine).

Thus, I would suggest amending the line in question to:
for f in x*.txt; do convert -family Courier TEXT:$f txt-$f.png; done

Incidentally, given its usefulness, it seems to me that it's a little unfortunate for your script to be hardcoded to only work for pgp keys, as it is equally useful for storing other data such as SSH keys. If I get a chance, I'll try to cobble together some additional header lines that will allow the script to either use the pgp key as you've done or to accept any text from stdin (so that any key could be piped to it).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment