GPG User ID Comments and RFC 5322

Werner Koch wk at
Mon Sep 21 10:03:40 CEST 2009

On Sun, 13 Sep 2009 19:04, philcerf at said:

>> (The exception is if you put a comment in that says the key is "insecure" or
>> "do not use", GPG will believe you)
> What if use insecure in another language? Or "non-insecure"? :P
> Apart from all that, I've read some pages of the RFC where it says
> User IDs are basically just strings without any special format. So
> shouldn't gpg ignore this comment-speciality from emails and just take
> it as strings?

That is what gpg does. 

The thing with "(insecure!)", "not secure" or "do not use" in a user id
is a hack to detect test keys likely created in a special testing mode
using a faked random number generator.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list