Paperkey for Revocation Certificates? (Feature-Request :-)
dshaw at jabberwocky.com
Mon Oct 6 01:49:32 CEST 2008
On Oct 5, 2008, at 3:40 PM, Sven Radde wrote:
> Although David's awesome little tool  reduces the chance of
> losing a
> secret key, I am still a fan for pre-generated revocation certificates
> in case a key is irrecoverably lost.
> David, is there a chance that you will extend paperkey so that it
> encodes and decodes revocation certificates? Adding a line-wise CRC to
> those seems particularly sensible to me as they would be printed to
> paper even more often than keys. I am unsure as to how much they could
> be shortened, though.
Paperkey does its trick by removing everything unnecessary from the
secret key, and printing that out in an easily retyped (or OCRed)
format. This works well for secret keys, as the secret bits are only
around 10-15% of the size of the key (most secret keys can be
represented in as few as 170 bytes, which can be easily retyped in a
few minutes). A revocation certificate, on the other hand, doesn't
have all that much that can be removed. Luckily revocation
certificates are pretty short to begin with. The only real advantage
that paperkey could bring to revocation certificates is the per-line
CRC, which makes retyping easier.
> And, btw, is there a significant difference between 0.7 that ships
> Ubuntu and 0.8 on jabberwocky.com?
Noteworthy changes in version 0.8 (2008-02-01)
* The file format is now included as part of the base16 output, as
there is no guarantee that this program will be on-hand when a
reconstruction is necessary. The format can also be displayed
via the --file-format command. Suggested by Brendan Kidwell.
* Some bug fixes (actually to gnulib, but relevant here as well)
to the SHA-1 code on platforms that require aligned access.
Thanks to Peter Palfrader.
* New --comment option to add comments to the base16 output.
No major difference - just some convenience stuff and a bug fix that
probably doesn't apply to you (you'd know it if you were on one of the
platforms that had the gnulib bug because paperkey wouldn't run at all).
More information about the Gnupg-users