Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Most printers keep a copy of what they print in memory. And some printers do so for a very long time (up to 2 years in my experience, it had an internal hard drive). So be sure to destroy your printer before getting rid of it if you print your GPG key with it.

Also, many new printers comes with internet connection (some even over 3G) and contact the vendor when ink is running low or maintenance is needed. The problem that they are not always well protected against attacks from the network.

At my university, we had a case of a printer which has been hacked and many giga of scanned and printed documents were downloaded. Fortunately the attacker couldn't find a way from the printer to other devices on the network (computers, hubs…), but some people had scanned their ID card for instance, which was a problem they really hadn't forseen…



In this case, it's enough to make sure that your key is encrypted with your (good) passphrase before you print it:

"if your key has a passphrase on it (i.e. is encrypted), the paper copy is similarly encrypted. If your key has no passphrase, neither does the paper copy."


Would you really want to leave it encrypted on paper though?

I would have the paper as a long term backup - including a backup in case I forget the password, or am incapacitated.


If this is your big concern, then write the password down on the paper (with a pencil or something, not as part of the print job). The paper is then no more secure than if you'd printed the paper in cleartext, but any copy kept by the printer would still be encrypted.


I see your point, but I prefer to see the passphrase that protect my GPG key as a bonus time to revoke it and generate a new one in case my key is compromised, rather than a protection sufficient to assume that the encrypted version of my key can safely be public.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: