hashed user IDs [was: Re: Security of the gpg private keyring?]
johanw at xs4all.nl
Tue Mar 8 16:44:36 CET 2011
>>> Something that would not be necessary if the
>>> underlying openPGP implementations could handle hashed
>>> user IDs.
>> Isn't it much easier to use the key ID / signature for
>> that? You already have that.
> I don't understand.
Use the keyID / signature as the hashed user ID, since it (should)
uniquely identify the key. Since a hash is one way you can't derive the
email address from it anyway, from the keyID you also can't (directly)
deduce the email address.
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
Public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users