info in sigs, comments and header

Robert J. Hansen rjh at
Mon Jun 16 21:44:06 CEST 2008

Rick Valenzuela wrote:
> Is there any customary practice for including GnuPG/PGP information in
> an email -- whether to put it in your sig file, or in the comments of
> your GnuPG signature? Is it useful (or preferred) to have the GnuPG
> version in the GnuPG signature comment, or frowned on to use/not use the
> comment from Enigmail or FireGPG?

If you use Enigmail, you can tell Enigmail to add an email header
indicating your OpenPGP key id.  This seems to be about as low-intrusive
a method as any.

> but who looks in headers?

Technically savvy people -- which happens to be the same demographic
which tends to use OpenPGP, unfortunately enough.  OpenPGP's penetration
into the layman's world of computing is practically nil.

> What are your practices for this? Is anything seen as useless or gauche?

A brief "OpenPGP: 0xDEADBEEF" is probably not going to get you any hate

I run my key fingerprint across the bottom of my business cards.  That
way when I meet someone, we trade information and they now have a
trusted copy of my fingerprint, delivered directly from my hand.  Since
I work in a very technical field, most people who get my card understand
what it is -- it's been a conversational icebreaker at several conventions.

It's also very handy for impromptu keysigning parties.  A couple of
weeks ago I was sitting in a coffeeshop with a Canadian doctoral student
in CS, a sysadmin for, and a couple of fellow voting
researchers.  I put my passport and a stack of business cards on the
table, and presto, everyone had the opportunity to confirm my identity
and get a copy of my fingerprint.  It was a lot more convenient than if
I'd had to say "hold on a second...", boot up my laptop, grab a stack of
napkins, and laboriously hand-copy my fingerprint from a terminal window
onto napkins again and again for each person who was sitting at the table.
