Access experimental subpackets of 'User Attribute Packet'

vedaal at vedaal at
Fri Aug 12 19:51:58 CEST 2005

David Srbecky dsrbecky at 
Thu Aug 11 18:19:54 CEST 2005 wrote:

] I have payed with the idea of using experimental subpackets
] of 'User Attribute Packet' and here is what I came up with:

] Named Attribute Subpacket (type 100)

] Datatypes:
    0 - reserved
    1 - no data (it is just named flag)
    2 - boolean
    3 - integer
    4 - UTF8 string
    5 - URL
    6 - image
    7 - binary
    8 - binary file
    100-110 - private or experimental use

] NB: Binary type holds just some unspecified binary data. 
] On the other hand, binary file type holds file that can 
] be saved to disk and the name 
] of the attribute represents its filename.

doesn't this pose some risk of exploit ?

suppose someone wants to put a malicious executable
as part of the packet,
and gives it some interesting name,

sends a pgp signed e-mail or posts a clearsigned message,
and gets people to download the key from a keyserver
to verify the signature

is there anything in gnupg that would prevent the running of the 
(i.e. is the key just 'ignored' or 'refused'
as 'key with unsupported packet type' ?

and can this protect against some type of malware corrupting the 
just by getting gnupg to 'check' the packet ?)


Concerned about your privacy? Follow this link to get
secure FREE email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

More information about the Gnupg-users mailing list