hashed user IDs [was: Re: Security of the gpg private keyring?]

Robert J. Hansen rjh at sixdemonbag.org
Thu Mar 10 04:10:40 CET 2011

On 3/9/2011 10:01 PM, Ben McGinnes wrote:
>> Imagine you are Tunisian or Libyan or some other nationality where
>> disagreeing with the regime might get you killed. Would you want
>> your name and email associated with another's keyring? Or would you
>> prefer anonymity?
> Another perfectly good reason for wanting to conceal identifying
> information.  There are, no doubt, plenty.

I think it should also be noted that if I was serious about trying to
overthrow a government, I'd create a bare certificate without a name or
an email address on it.  I'd also use it as infrequently as possible and
try to avoid any technology more complicated than, say, a wheel, lever,
or inclined plane.

GnuPG will not keep your communications secure against major adversaries
who are willing to torture you for so long you think you've made an
unfortunate lateral career move.  It's just a tool in the toolbox.
You're going to need the rest of the toolbox, too.

More information about the Gnupg-users mailing list