Paper is a safe way to backup a secret key: you can't hack into it remotely, you
can hide it very easily, and you will still be able to use it in 50+ years. No
USB stick can do that...
If you want to store your GnuPG secret key on a paper sheet, it is quite simple
to do. You can use PaperKey, a small tool that strips all the useless data
from a secret key and formats it into a printable result. This is great, but the
result can be quite long: printing my 2048 bits secret key would take 3 pages.
But there is a nice way to store more data on a small surface: 2D barcodes, for
example in the DataMatrix format, using the great
libdmtx library. For
small keys, this is really easy:
gpg --export-secret-key KEY_ID | paperkey --output-type raw | dmtxwrite -e 8 -f PDF > secret-key.pdf
If your key is bigger (like my 2048 bits key), you will need to split it in
several parts, because the result of the
paperkey command will be too big to
be encoded in a single DataMatrix. Here is a simple method:
# Generates key-aa, key-ab, ...
gpg --export-secret-key KEY_ID | paperkey --output-type raw | split -b 1500 - key-
# Convert each of them to a PNG image
for K in key-*; do
dmtxwrite -e 8 $K > $K.png
You now have several PNG images that you can print together on a single page.
To restore your key, it's just as simple: scan each DataMatrix into a separate
image, decode them with
dmtxread, concatenate all the resulting files
cat...), and use
cat my-scanned-keys | paperkey --pubring ~/.gnupg/pubring.gpg > secret-key.gpg
Source: TPK Archival (by
David Shaw, creator of PaperKey).
This morning I read the latest Piled Higher & Deeper about égalité des
I am part of the few people who do a PhD after a grande école. The part about
"Good job €€€€" vs "Crappy job" is quite true -- except that, from what I
experienced, these "good jobs" are often boring, non-technical ones: contract
managers, directors, etc. The kind of job that takes 50+ hours a week, plus many
weekends. Not my cup of tea. And that is just why I decided to do a PhD: it is
very interesting and rewarding, and I have enough free time to do what I
like to do besides my work.
After more than two months of silence, I'm back! And, once again, with a brand
So, why did I change again? Many reasons: Tumblr was annoying (non-free, no
control over your data, simplistic template system). Before that, Dotclear
required constant attention to make it was up-to-date because of security issues
(and it would have been even worse with WordPress...). I realized that what
I really want is something that generates a static website: plain (X)HTML files
are much safer than any dynamic website! However I do not want to do
everything by hand, so I need something that generates these static files from
some human-readable markup (preferably Markdown). I also need to track
everything I do on my data, to backup it easily, and to be able to quickly
revert to an older version: I want to use Git on my blog. And since I now use
Emacs all day long, I definitely want something that integrates well in
Several static blog generators are available:
- BlazeBlogger: quite nice! Written in bash, Markdown syntax... However,
nothing for Emacs, and it uses a kind-of-version-control system that I do not
like very much (it adds a lot of files to my git repository and just logs
"this post was edited" without being able to revert to a previous version, so
what's the point?).
- nanoblogger: written in bash too. Seems too complex for what I want. Plus,
it describes itself as "slow"...
- Jekyll: close to perfect. It uses the Markdown syntax, has a nice template
engine, integrates very well with Git (it's hosted on GitHub, which I like
very much, and is even used for GitHub Pages). An Emacs mode is
available. It has some very good ideas, like its YAML front matter. But
Jekyll is written in Ruby, which is far from being my
favorite language, and it lacks some features I like (tags...).
I finally decided to do something much funnier: write my own blog engine in
Python. It took me a few days, but now it's done: Golbarg is born!
This brand new engine is written 100% in Python. It uses the Jinja 2 template
engine, python-markdown for turning Markdown into HTML, and PyYAML for
managing posts headers and metadata.
golbarg.el is bundled, so every Emacs
user can enjoy
golbarg-mode. And all of this is of course available under the
terms of the GNU GPLv3 license.
Golbarg is hosted on GitHub, as well as this blog. I also made
Golbarg available on the Python package index (yes, you can install it
with a simple
pip install Golbarg!). Except for the comments in the source
code, there is very little documentation available... So if you want to give
Golbarg a try, look at the source of this blog, it's probably the best way to
Last few words: the old RSS feed will be available for a few weeks. Be sure to
switch to the new feed as soon as possible!