Secret key holder identity (was: Local file encryption)
Janusz A. Urbanowicz
alex at bofh.net.pl
Tue Feb 20 15:24:40 CET 2007
On Mon, Feb 19, 2007 at 10:54:17AM -0800, NikNot wrote:
> On 2/19/07, Adam Funk <a24061 at yahoo.com> wrote:
> >Is there any reason to physically secure your *public* keyring in
> >... (Well, I suppose you might want to hide your secret identity!)
>
> Unfortunately, the whole GPG, with WebOfTrust construct, makes the
> assumption that there is no need whatsoever to protect the identity of
> the secret key holder (and, by extension, that traffic analysis - as
> opposed to the secret content analysis - is not something to be
> concerned with).
That statement is definitely not true.
* PGP was the first cryptosystem to hide the sender's ID (when signing+encrypting),
  compare PEM to see the difference;
* one can issue himself a key pair with a pseudonym User ID the same way
  as with an RL identity and use it normally;
* without having the recipient's pubkey it is impossible to determine the recipient of the message
  (assuming the subkey ID is not widely known);
* it is possible to hide the recipient's ID completely by using --throw-keyid.
Alex
--
JID: alex at hell.pl
PGP: 0x46399138
paying attention to details is what doctors, lawyers, programmers and watchmakers are for
-- Czerski
More information about the Gnupg-users mailing list