hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Fri Mar 11 07:44:57 CET 2011

On 11/03/11 7:44 AM, Daniel Kahn Gillmor wrote:
> If you want to keep the fact that one keyholder has verified another
> keyholder's identity secret, you cannot solve that by obscuring the
> User IDs.
> The right way to solve that is with non-exportable OpenPGP
> certifications, which must be passed between users explicitly.

Ah, this is what I've been looking around for!  For the sake of the
archives, how does one provide a non-exportable certification?
Obviously the export flag won't cut it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110311/538d48fb/attachment-0001.pgp>

More information about the Gnupg-users mailing list