hashed user IDs [was: Re: Security of the gpg private keyring?]

Johan Wevers johanw at xs4all.nl
Tue Mar 8 16:44:36 CET 2011

MFPA wrote:

>>> Something that would not be necessary if the
>>> underlying OpenPGP implementations could handle hashed
>>> user IDs.
>> Isn't it much easier to use the key ID / signature for
>> that? You already have that.
> I don't understand.

Use the keyID / signature as the hashed user ID, since it (should)
uniquely identify the key. Since a hash is one-way, you can't derive the
email address from it anyway; from the keyID you also can't (directly)
deduce the email address.

