My main usecase for pgp keys is to get that sweet sweet commit verification. In the incredibly unlikely attempt someone were to ever try to impersonate my commits they would lack my signature.
Refs:
Use paperkey
Take the secret key in key.gpg and generate a text file to-be-printed.txt that contains the secret data:
paperkey --secret-key my-secret-key.gpg --output to-be-printed.txt
Take the secret key data in my-key-text-file.txt and combine it with my-public-key.gpg to reconstruct my-secret-key.gpg:
paperkey --pubring my-public-key.gpg --secrets my-key-text-file.txt --output my-secret-key.gpg
If –output is not specified, the output goes to stdout. If –secret-key is not specified, the data is read from stdin so you can do things like:
gpg --export-secret-key my-key | paperkey | lpr
nix run "git+https://git.dayl.in/daylin/utils#key2mtx" -- --output data.pdf
This way the secret key never exists on disk in a readable format and is instead streamed directly to the print server.
KEY_ID="<KEY>"
SERVER="server"
gpg --export-secret-subkeys --armor "$KEY_ID" | ssh $SERVER gpg --import
ssh $SERVER bash <<EOF
FP=\$(gpg --fingerprint --with-colons "$KEY_ID" | awk -F: '/fpr:/ {print \$10; exit}')
echo "\${FP}:6:" | gpg --import-ownertrust
EOF
``
---
Using [datamatrix](https://schnouki.net/post/2010/howto-backup-your-gnupg-secret-key-on-paper/) to store the key.
[ref](https://caerul.net/post/notes-on-using-gnupg/)
[paperkeyless strategy](https://www.saminiir.com/paper-storage-and-recovery-of-gpg-keys/)