Including public key

Jay Litwyn brewhaha at
Thu Jul 28 13:53:41 CEST 2011


On 2011-07-27 8:25 PM, Len Cooley wrote:
> Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to 
> attach your public key as a sig at the end of an email, such as
> below?

It depends on the environment of your receiver.
Would they be subject to seeing your signature replaced?
Do any policies concern the use of cryptography at their workplace or
domicile, say in jail or in a country where Blackberry crypto is an
issue (India, if I remember correctly)?
Do they live in a country that accepted U.S. export restrictions on
cryptography (probably Russia)?
Is your recipient a public figure (about whom there might be motivation
to pull a Murdoch) or an ex-convict (about whom there might still be
search warrants)?
In any of the regions where cryptography is controlled, it is a better
idea (than simply sending a public key with no signatures on it other
than yours) to be creative with the hash on your public key; perhaps
telephone verification, perhaps you can personally meet someone on the
web of trust.

While the Physics of public key cryptography are airtight,
it depends on signatures on your public key to become robust
in the real world. I suspect that you are more likely to get
those if you release your key on servers, and sign a lot of stuff
that people consider important. Attaching a photo to your public
key might help. So might putting a phone number on your public key.