32

Is there a standard for storing a public key printed on paper? Say, I want to hand out business cards with my public key pre-printed on them at a key signing party to help build the web of trust.

My understanding is that the standard for storing a public key in a computer file is: store that key as a long string of hex digits in a file in PKCS #12 format.

I suppose I could simply print out a long string of hex digits on paper (either the short public key fingerprint used to confirm a public key from some other source -- see "How should I distribute my public key?" -- or perhaps print the entire full public key). Then my friends could manually type them in. But it seems like it might be more convenient and less error-prone if I were to print some sort of barcode on my business cards containing the same data, such as a "Data Matrix code" or an "Aztec Code" or a "QR code".

Is there a standard for printing a public key as a barcode?

Is there a standard for printing a public key fingerprint as a barcode?

David Cary
  • 1
    I've made QR bar codes out of vcard with PGP fingerprints with success. – Dog eat cat world Jun 18 '12 at 22:50
  • 1
    Why not print a link to a short URL (e.g. bitly) to where you keep your key? Then you have eliminated the need for the recipient to have compatible barcode reading software. The URL could even include the key. – Stuart Woodward Jun 25 '12 at 22:50
  • 1
    ["QR and Encryption"](http://code.google.com/p/androidonthespot/wiki/QRandEncryption) suggests putting the message digest of a public key in a QR code on a business card. – David Cary Aug 16 '12 at 07:12
  • 1
    related: ["Putting my PGP ID/link on printed business cards"](http://security.stackexchange.com/questions/70501/putting-my-pgp-id-link-on-printed-business-cards). – David Cary Oct 13 '14 at 13:50

2 Answers

8

One can definitely print a QR code for displaying the public key. For example, the modulus of an RSA key of 1024 bits/128 bytes can be converted to a base64-encoded string and then to a QR code, which can be printed on the visiting card.

The challenges which will be faced are:

  1. The base64-encoded data will be around 160 or greater in length, which will increase the density of the QR code. The size of the bar code will need to be increased, and it will be a challenge to fit it on the visiting card.
  2. The number of mobile devices with a QR code scanner capable of scanning such high-capacity codes will be smaller. Hardware scanners can do it, but mobile scanners will struggle.

The easier option (if you are using a CA-issued certificate) is to encode the certificate serial number and the URL of the CA from where the certificate can be fetched. In this case the data in the QR code will be much smaller and can be easily scanned by mobile devices. You can have computer software which can decode the bar code, hit the URL and install the certificate in the system.

Mohit Sethi
  • 2
    Of course there are risks with using a QR code for a URL, as per our blog post: http://security.blogoverflow.com/2012/05/qotw-26-malicious-qr-code-and-mitigation/ – Rory Alsop Jun 19 '12 at 10:32
  • 2
    Just checked - 160 bytes is perfectly feasible on a business card size, and it seems to be fine on the free QR reader my phone came with. – Rory Alsop Jun 19 '12 at 10:35
  • Be aware: the iso-8859-1 way of encoding a byte array in a QR code can have some issues while decoding in some reader software. If we go for base64 encoding then we have to bear the overhead of encoding. Yes, security issues exist with a URL over a barcode, but then we can have our own reader which is designed only for fetching certificates or parsing public keys. Using the very popular ZXing library it is quite possible. – Mohit Sethi Jun 19 '12 at 10:58
5

I'm not aware of any standard, but it's quite common to create QR codes with the OPENPGP4FPR scheme containing the OpenPGP fingerprint of your key (and not the whole pubkey itself which can be simply retrieved from the keyservers).

More information about how to create such a QR code can be found in this Stackexchange answer.

Flow
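An added example, not part of the answer above: a sketch of what a scanning tool can do with an OPENPGP4FPR payload, namely reject anything that is not a fingerprint and accept a key fetched from a keyserver only if it hashes to the fingerprint on the card. It assumes the payload is `OPENPGP4FPR:` followed by the 40 hex digits of a version 4 fingerprint; the function names are illustrative and the sample key is constructed, not a real key.

```python
import hashlib
import re
import struct

SCHEME = "OPENPGP4FPR:"
_FPR_RE = re.compile(r"[0-9A-F]{40}")

def make_uri(fingerprint: str) -> str:
    """Build the QR payload from a fingerprint as gpg prints it (spaces allowed)."""
    fpr = "".join(fingerprint.split()).upper()
    if not _FPR_RE.fullmatch(fpr):
        raise ValueError("expected a 160-bit (40 hex digit) v4 fingerprint")
    return SCHEME + fpr

def parse_uri(scanned: str) -> str:
    """Return the fingerprint from scanned QR text; reject URLs and anything else."""
    text = scanned.strip().upper()
    if not text.startswith(SCHEME):
        raise ValueError("not an OPENPGP4FPR payload")
    fpr = text[len(SCHEME):]
    if not _FPR_RE.fullmatch(fpr):
        raise ValueError("malformed fingerprint")
    return fpr

def v4_fingerprint(packet_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte length, public-key packet body."""
    if not packet_body or packet_body[0] != 4 or len(packet_body) > 0xFFFF:
        raise ValueError("not a version 4 public-key packet body")
    header = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(header + packet_body).hexdigest().upper()

def key_matches_card(scanned: str, packet_body: bytes) -> bool:
    """True only if the downloaded key hashes to the fingerprint on the card."""
    return parse_uri(scanned) == v4_fingerprint(packet_body)

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed sample: a toy v4 RSA public-key packet body (version, creation
# time, algorithm 1 = RSA, modulus, exponent). Not a real key.
SAMPLE_KEY = (b"\x04" + struct.pack(">I", 1340000000) + b"\x01"
              + mpi((1 << 1023) | 12345) + mpi(65537))
SAMPLE_URI = make_uri(v4_fingerprint(SAMPLE_KEY))  # 52 characters in total
```

The payload is 52 characters regardless of key size, which is why it scans easily, and the key itself can come from any untrusted source because the printed fingerprint is what authenticates it.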