Selecting primary UID
Werner Koch
wk@gnupg.org
Tue Jun 26 13:16:02 2001
|| On Tue, 26 Jun 2001 11:38:45 +0100
|| Lee Evans <lee@vital.co.uk> wrote:
le> This would suggest that I have signed it in my role as an agent
le> of Vital Online. I am no legal expert, but it would be arguable

There used to be no role concept in PGP and that is what's implemented
in GnuPG. A signature does not carry any information which user ID
was used to create the signature - just the key. That's a property of
digital signatures: Signing a message just states that you own
a certain piece of information. With OpenPGP this is just the key.

The good news is that OpenPGP defines an optional piece of
information:

    5.2.3.21. Signer's User ID

    This subpacket allows a keyholder to state which user id is
    responsible for the signing. Many keyholders use a single key for
    different purposes, such as business communications as well as
    personal communications. This subpacket allows such a keyholder to
    state which of their roles is making a signature.

However, I have not yet seen this used and it is not implemented in
GnuPG. The definition in OpenPGP is also not very clear because it does
not state how this information is made up. We can just assume that it
is the entire user ID packet - not very space efficient.[1]

le> user ID, just the associated self-signature. The UID will still
le> remain with the key, and I assume the previously signed keys will

That is the same as with the phone directory - you can walk
into a public library and look up old phone numbers and addresses.
No way to avoid it.

Werner
[1] If your company really has a need for this, please contact me at
wk@g10code.com and we can talk about that.
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus
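
Added example (not part of the original message and not GnuPG code): Python code that reads the Signer's User ID subpacket (type 28) out of a version 4 signature's subpacket area, using the subpacket length encoding of the OpenPGP specification. The sample areas, key ID and user ID are constructed, and treating the subpacket body as the user ID string is the assumption made in the message above.

```python
import struct

SIGNER_USER_ID = 28  # subpacket type of "Signer's User ID" in OpenPGP

def encode_subpacket(sp_type, body, critical=False):
    """Build one subpacket; the length field covers the type octet and body."""
    n = len(body) + 1
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return length + bytes([sp_type | (0x80 if critical else 0)]) + body

def parse_subpackets(area):
    """Yield (type, critical, body) for every subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            n, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            n, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            n, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if n < 1 or i + n > len(area):
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + n]
        i += n

def signer_user_id(area):
    """Return the role the signer stated, or None: then only the key is known."""
    for sp_type, _critical, body in parse_subpackets(area):
        if sp_type == SIGNER_USER_ID:
            # Assumption from the message above: the body is the user ID string.
            return body.decode("utf-8", errors="replace")
    return None

# Constructed sample data: creation time (type 2), issuer key ID (type 16),
# and an optional signer's user ID. None of it comes from a real key.
COMMON = (encode_subpacket(2, struct.pack(">I", 993561362))
          + encode_subpacket(16, bytes.fromhex("0123456789abcdef")))
ROLE = "Alice Example (work) <alice@example.com>"
WITH_ROLE = COMMON + encode_subpacket(SIGNER_USER_ID, ROLE.encode("utf-8"))
WITHOUT_ROLE = COMMON
```

A verifier that wants to show the signer's role should read the subpacket only from the hashed area of a signature that has already verified, since the unhashed area is not covered by the signature.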