Paperback offline backup

For disaster recovery purposes, it is crucial to always have access to all secrets that are needed to black start your environments from zero. Depending on your setup, those credentials can be

  • root passwords for secret managers
  • passwords for encrypted backups
  • GPG encryption keys
  • root credentials for cloud accounts
  • private keys for PKI infrastructures

To make sure the backup is secure and reliable, the following requirements should be met

  • it should be human and machine-readable, in a clear and easy-to-read format that is trivial to convert back to digital
  • should not be stored in plaintext but use a proper encryption algorithm
  • the encryption should support distributed trust, so that no single person in possession of the backup can access the secrets alone
  • be stored on non-digital mediums to avoid accidental deletion or exposure
  • have multiple copies that are geographically redundant and distributed to protect from single-point of failure (e.g., house fire or floods)
  • stored in a secure, tamper-proof location
  • written guides for rotation and recovery exist and are regularly tested and trained
  • include checksums or validation words to be able to verify the correct entry during recovery

paperback

Paperback is a paper-based backup scheme that is secure, easy-to-use and can fulfil those requirements. Backups are encrypted, and the secret key can be split into numerous key shards which can be stored separately (by different individuals), removing the need for any individual to memorise a secret passphrase.

Backup

To create a backup of your sensitive data using paperback, execute the following steps

Download

File Sha256 Checksum
Windows i686 80fe0f8c9f490c213897a1f9db51e615ec779db06e245ae624761217eaf3d77f
Windows x86_64 37833b70fc4c4a620e940242e596da437c557a3570c3472be07859afa7ff4e0f
Apple x86_64 50baacfcceb1aaa302972a7a5eb2e1946b07ed719efc9985b5cfed1eee09c070
Linux x86_64 41dbbb0e4e9b3217e16bb06ad4157d6dc2792e261790a005854bed915ec057e6

Write secrets to a file

Depending on the type of secrets you handle, you should consider running the backup process on a dedicated, non-networked machine that is booted from USB using a clean and verified ephemeral operating system, for example, grml or knoppix.

backup.txt

foo-bar

Create backup documents from a file

To create the backup you need to choose the total number of key_shards you want to distribute and a quorum which is the number of key shards needed to restore the secrets from the backup. For example, when you create 8 key_shards with a quorum of 3, then at least three key_shard holders are needed to restore the data.

paperback backup --quorum-size <quorum> --shards <key_shards> backup.txt

Distribute PDFs

paperback backup will create a main document with a unique document_id and n key shards with unique key_shard_id s

main_document-<document_id>.pdf
key_shard-<document_id>-<key_shard_id>.pdf
key_shard-<document_id>-<key_shard_id>.pdf
key_shard-<document_id>-<key_shard_id>.pdf
key_shard-<document_id>-<key_shard_id>.pdf

Each storage location should contain a copy of the main document and a single key shard.

Warning

When printing the documents, please keep in mind that the printer may keep your printed documents in memory or on disk.

Also consider to user archival paper, which is a grade of paper that is designed to last longer than ordinary copy paper.

Main document

The main document consists of

  • ❶ the document_id
  • ❷ the encrypted document data
  • ❸ a checksum that can be used to verify document data entry during restore

main document main document

Key shard

The key shard document contains

  • ❹ the key_shard_id
  • ❺ the document_id
  • ❻ the encrypted key shard data
  • ❼ a checksum that can be used to verify the key shard data entry during restore
  • ❽ codewords to decrypt the key shard data. Note that without the codewords, the key_shard can not be used for restore.

key shard key shard

Clean up

After document distribution, remember to clean up the machine where the backup was created and remove the PDFs and the secret file.

Recovery

Again, like during backup, consider using an ephemeral machine and operating system to securely restore your data. Start the interactive recovery process with the target file where the record data should be written to

paperback recover --interactive recover.txt

To recover, you need to enter

  • the encrypted main document data (❷)
  • at least a <quorum> number of
    • encrypted key shard data (❻)
    • codewords to decrypt the key shard data (❽)

into the recovery process

Enter a main document code (unknown number of codes remaining): <❷>

Main document checksum: ❸
Document ID: <document_id>
<quorum> key shards required.
Quorum contains [] key shards.
Enter key shard 1 of 2: <❻>

Key shard 1 checksum: ❼
Enter key shard 1 codewords: <❽>

Loaded key shard ❹.
Quorum contains [❹] key shards.
Enter key shard 2 of 2: <❻>

Key shard 2 checksum: ❼
Enter key shard 2 codewords: <❽>

Loaded key shard ❹.

The recovered data will be written to recover.txt