Security of the gpg private keyring?

David Shaw dshaw at jabberwocky.com
Tue Mar 1 00:38:31 CET 2011


On Feb 28, 2011, at 5:40 PM, MFPA wrote:

> On Monday 28 February 2011 at 3:47:16 PM, in
> <mid:AANLkTi=ar9kOE_AFvwKiajB4t+6mqqYwc20e+kenLhne at mail.gmail.com>,
> Guy Halford-Thompson wrote:
> 
> 
>> Thanks for the help, didn't really occur to me how much
>> info is available in the public keyring, guess you can't
>> do much about it though.
> 
> 
> I think key UIDs generally reveal more information than I am
> comfortable with. For example, why does your UID need to contain your
> email address in plain text rather than as a hash? Searching for that
> email address would need to return any keys that matched on the hashed
> version in addition to any keys that matched on the plaintext version.
> Somebody knowing the email address (or name or hostname) could find
> the key but mere inspection of the key UIDs would not reveal all its
> owner's names, email addresses, etc.
> 
> I'm usually told such an option does not exist because it would serve
> no purpose and/or there would be no demand for it.

I think the problem here is the large size of the deployed infrastructure that expects user IDs to have email addresses in them combined with the relatively few people who are asking for this feature.  To make this change, you'd have to have a keyserver that could search in that manner, plus client support to make the hashes when talking to the keyserver, etc.  You'd have to handle the very-small-but-non-zero chance of a hash collision in the user ID, too.

It's a pretty big bite, and while it is an interesting idea, I suspect that there aren't enough people who want it for it to happen.

David
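
The keyserver and client pieces listed in the reply above, sketched as an added example that is not part of the original message and is not GnuPG or keyserver code. The `sha256:` marker, the digest scheme, the `ToyKeyserver` class and the key IDs are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

HASH_PREFIX = "sha256:"                    # assumed marker for a hashed address in a UID
UID_ADDR = re.compile(r"<([^<>]+)>\s*$")   # trailing <...> part of a user ID

def email_digest(email):
    """Assumed scheme: hex SHA-256 of the trimmed, lower-cased address."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()

def hashed_uid(name, email):
    """Client side: build a user ID that carries the digest, not the address."""
    return f"{name} <{HASH_PREFIX}{email_digest(email)}>"

class ToyKeyserver:
    def __init__(self):
        self.uids = defaultdict(list)        # key id -> user IDs as published
        self._by_digest = defaultdict(set)   # digest -> key ids; a set, so colliding
                                             # or duplicate entries all come back
    def add_key(self, key_id, uid):
        self.uids[key_id].append(uid)
        m = UID_ADDR.search(uid)
        if m is None:
            return                           # UID without an address part
        addr = m.group(1)
        if addr.startswith(HASH_PREFIX):
            digest = addr[len(HASH_PREFIX):].lower()
        else:
            digest = email_digest(addr)      # index plaintext UIDs under the same digest
        self._by_digest[digest].add(key_id)

    def search_email(self, email):
        """Lookup by someone who already knows the address: matches both forms."""
        return sorted(self._by_digest.get(email_digest(email), ()))

    def search_text(self, needle):
        """Plain inspection of published UIDs, as a substring search."""
        n = needle.lower()
        return sorted(k for k, us in self.uids.items() if any(n in u.lower() for u in us))

def build_sample():
    ks = ToyKeyserver()                      # key ids and addresses below are constructed
    ks.add_key("KEY-A", "Alice Example <alice@example.org>")
    ks.add_key("KEY-B", hashed_uid("A.", "Alice@Example.org"))
    ks.add_key("KEY-C", "Bob Example <bob@example.org>")
    return ks

if __name__ == "__main__":
    ks = build_sample()
    print(ks.search_email("alice@example.org"), ks.search_text("alice@example.org"))
```

Every key returned by `search_email` is only a candidate: keys that share a digest, whether by collision or because several people published the same address, still have to be told apart by the client.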



