Paperkey for Revocation Certificates? (Feature-Request :-)

David Shaw dshaw at
Mon Oct 6 01:49:32 CEST 2008

On Oct 5, 2008, at 3:40 PM, Sven Radde wrote:

> Although David's awesome little tool [1] reduces the chance of  
> losing a
> secret key, I am still a fan for pre-generated revocation certificates
> in case a key is irrecoverably lost.
> David, is there a chance that you will extend paperkey so that it
> encodes and decodes revocation certificates? Adding a line-wise CRC to
> those seems particularly sensible to me as they would be printed to
> paper even more often than keys. I am unsure as to how much they could
> be shortened, though.

Paperkey does its trick by removing everything unnecessary from the  
secret key, and printing that out in an easily retyped (or OCRed)  
format.  This works well for secret keys, as the secret bits are only  
around 10-15% of the size of the key (most secret keys can be  
represented in as few as 170 bytes, which can be easily retyped in a  
few minutes).  A revocation certificate, on the other hand, doesn't  
have all that much that can be removed.  Luckily revocation  
certificates are pretty short to begin with.  The only real advantage  
that paperkey could bring to revocation certificates is the per-line  
CRC, which makes retyping easier.

> And, btw, is there a significant difference between 0.7 that ships  
> with
> Ubuntu and 0.8 on

Noteworthy changes in version 0.8 (2008-02-01)

     * The file format is now included as part of the base16 output, as
       there is no guarantee that this program will be on-hand when a
       reconstruction is necessary.  The format can also be displayed
       via the --file-format command.  Suggested by Brendan Kidwell.

     * Some bug fixes (actually to gnulib, but relevant here as well)
       to the SHA-1 code on platforms that require aligned access.
       Thanks to Peter Palfrader.

     * New --comment option to add comments to the base16 output.

No major difference - just some convenience stuff and a bug fix that  
probably doesn't apply to you (you'd know it if you were on one of the  
platforms that had the gnulib bug because paperkey wouldn't run at all).


More information about the Gnupg-users mailing list