Encrypted storage of critical data requires proper management of cryptographic keys to ensure they are protected from theft and loss as long as access to the encrypted critical data is required. This includes the need for suitable backup and restoration approaches.
David Shaw, who is the author of the tool Paperkey which helps export private keys to paper, presents the argument that the actual durability of most storage media cannot measure up to the durability of paper. Unfortunately, proper tooling to support a paper-based backup of not only private keys, but also key pairs, certificates and other (rather small) critical files is almost non-existant, or adds complexity that may backfire in case of a recovery.
Harpocrates is a paper-based backup and restore tool under Linux and consists of two scripts along with two commandline tools:
The bash script paperbackup.sh takes a file and generates a two-column, possibly multi-page PDF document containing a hex dump. Every row starts with a continuous 2-byte CRC16 checksum covering all original data up to and including the current row, followed by up to 14 bytes of original data. The PDF document can then be printed and stored in a safe location.
If a file needs to be restored, the printed hex dump can be entered row-by-row into a text file using a plain text editor, which now may contain typos or omitted rows. The bash script paperrestore.sh takes such a text file, processes all rows by computing the CRC16 checksum of all original data and comparing it to the printed CRC16 checksum. If no error is detected, the CRC16 checksum is stripped and the original file restored. If an error is detected, the erronous row with its address is returned on standard error to help compare and fix the text file with the printed hex dump.
You can find further details on the Github page of the tool which has been published under the Apache License 2.0.
