Secret key holder identity (was: Local file encryption)

Janusz A. Urbanowicz alex at
Tue Feb 20 15:24:40 CET 2007

On Mon, Feb 19, 2007 at 10:54:17AM -0800, NikNot wrote:
> On 2/19/07, Adam Funk <a24061 at> wrote:
> >Is there any reason to physically secure your *public* keyring in
> >...  (Well, I suppose you might want to hide your secret identity!)
> Unfortunately, the whole GPG, with WebOfTrust construct, makes the
> assumption that there is no need whatsoever to protect the identity of
> the secret key holder (and, by extension, that traffic analysis - as
> opposed to the secret content analysis - is not something to be
> concerned with).

That statement is definitely not true. 

* PGP was the first cryptosystem to hide sender's ID (when signing+encrypting), 
  compare PEM to see the difference;

* one can issue himself a key pair with pseudonym User ID the same way
  as with RL identity and use it normally;

* without having recipient pubkey it is impossible to determine the recipient of the message
  (assuming the subkey ID is not widely known)

* it is possible to hide recipient's completely ID by using --throw-keyid

JID: alex at
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze
 -- Czerski

More information about the Gnupg-users mailing list