Security of the gpg private keyring?

Grant Olson kgo at
Tue Mar 1 01:32:05 CET 2011

On 2/28/11 7:09 PM, David Tomaschik wrote:
> On 02/28/2011 05:40 PM, MFPA wrote:
>> I think key UIDs generally reveal more information than I am
>> comfortable with. For example, why does your UID need to contain your
>> email address in plain text rather than as a hash? Searching for that
>> email address would need to return any keys that matched on the hashed
>> version in addition to any keys that matched on the plaintext version.
>> Somebody knowing the email address (or name or hostname) could find
>> the key but mere inspection of the key UIDs would not reveal all its
>> owner's names, email addresses, etc.
>> I'm usually told such an option does not exist because it would serve
>> no purpose and/or there would be no demand for it.
> While I understand your concerns, I think it would just be nice if the
> owner of a key could set a flag on it indicating that they did not want
> their key published to keyservers.  Then privacy could be preserved with
> MUCH smaller changes to infrastructure.  (Though, admittedly, it might
> require a change in the OpenPGP spec, which would actually be much larger.)
> David

There actually is a 'keyserver no-modify' setting in the spec, and by
default just about every key has it turned on.

But to honor it the keyservers would have to do crypto.  And after that
it creates an issue with syncing.  If I upload a key to, and it tries to sync with, how do you maintain the custody chain?

Both problems are, as they say in engineering-speak, non-trivial.


"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 570 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110228/0f6b8ac4/attachment.pgp>

More information about the Gnupg-users mailing list