asymmetry of 'adduid' and 'deluid'
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jul 24 16:08:10 CEST 2012
On 07/24/2012 09:58 AM, vedaal at nym.hush.com wrote:
> Recently added a uid and deleted a uid to one of my keys.
>
> Found that to add a uid, gnupg asks for the passphrase, but to
> delete a uid, it does not.
>
> (Doesn't really matter much, since the secret key is required for
> both,
> but was curious if there is any underlying reason why gnupg does it
> this way.)
possession of the secret key is not required for deluid, actually.
look at it this way:
deluid is just an edit of your local keyring -- it removes a handful of
packets (note that if the key is already on the public keyservers or
someone else has a copy, they will still have the user ID that you deleted).
adduid, on the other hand, requires the creation of a new cryptographic
signature: the self-sig made by the primary key over the user ID. To
create this self-sig, gpg needs access to the secret key material for
the associated primary key.
make sense?
hth,
--dkg
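To make the packet-level asymmetry dkg describes concrete, here is an added toy model of a keyring; it is illustrative code written for this archive page, not gpg's code and not part of dkg's message. It assumes a keyring is a list of packets (primary key, user ID, self-signature) and uses a Schnorr-style signature over a toy group (an assumption standing in for the RSA/EdDSA self-sigs gpg actually makes; the user IDs are constructed sample values). It shows that deluid is a local packet removal that works without any secret, that adduid fails without the secret because no self-sig can be minted, and that a copy someone else fetched earlier still carries the deleted user ID with a valid self-sig.

```python
"""Toy model of the 'adduid' / 'deluid' asymmetry in an OpenPGP keyring.

A keyring is modelled as a list of packets. A user ID is only bound to a
primary key by a self-signature made with that key's secret material, so
deleting a user ID just drops packets, while adding one requires making a
fresh self-signature.

The signature scheme is a Schnorr-style toy over the multiplicative group
mod a Mersenne prime; it is an assumption of this example standing in for
gpg's real self-sigs, and is NOT OpenPGP's wire format nor safe for real use.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime 2^127 - 1 (toy group only)
G = 3                # group element; exponents are reduced mod P-1


def _h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")


def keygen():
    """Return (secret, public) for the toy scheme."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def sign(secret: int, message: bytes) -> tuple:
    """Schnorr-style signature (e, s); only possible with the secret scalar."""
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    y = pow(G, secret, P)
    e = _h(r.to_bytes(16, "big"), y.to_bytes(16, "big"), message) % (P - 1)
    s = (k - e * secret) % (P - 1)
    return e, s


def verify(public: int, message: bytes, sig: tuple) -> bool:
    """Recompute r = g^s * y^e and check the challenge matches."""
    e, s = sig
    r = (pow(G, s, P) * pow(public, e, P)) % P
    return _h(r.to_bytes(16, "big"), public.to_bytes(16, "big"), message) % (P - 1) == e


def _uid_with_selfsig(public: int, secret: int, uid: str) -> list:
    # The self-sig covers primary key + user ID, as an OpenPGP certification does.
    msg = public.to_bytes(16, "big") + uid.encode()
    return [("uid", uid), ("sig", uid, sign(secret, msg))]


def new_keyring(public: int, secret: int, uid: str) -> list:
    """A primary key packet followed by its first user ID and self-sig."""
    return [("pubkey", public)] + _uid_with_selfsig(public, secret, uid)


def adduid(keyring: list, uid: str, secret):
    """'adduid': needs the secret key to mint the self-signature."""
    if secret is None:
        raise PermissionError("adduid needs the secret key to make a self-sig")
    return keyring + _uid_with_selfsig(keyring[0][1], secret, uid)


def deluid(keyring: list, uid: str) -> list:
    """'deluid': a local edit only; drops the UID packet and its self-sig."""
    return [pkt for pkt in keyring
            if not (pkt[0] in ("uid", "sig") and pkt[1] == uid)]


def bound_uids(keyring: list) -> list:
    """User IDs whose self-signature verifies under the primary key."""
    public = keyring[0][1]
    sigs = {pkt[1]: pkt[2] for pkt in keyring if pkt[0] == "sig"}
    ok = []
    for pkt in keyring:
        if pkt[0] == "uid":
            msg = public.to_bytes(16, "big") + pkt[1].encode()
            if pkt[1] in sigs and verify(public, msg, sigs[pkt[1]]):
                ok.append(pkt[1])
    return ok


def demo() -> dict:
    """Walk through the thread's scenario; user IDs are constructed samples."""
    secret, public = keygen()
    local = new_keyring(public, secret, "Alice <alice@example.invalid>")
    local = adduid(local, "Alice <alice@work.invalid>", secret)   # passphrase needed
    keyserver_copy = list(local)           # someone else already fetched this
    local = deluid(local, "Alice <alice@work.invalid>")          # no secret needed
    try:
        adduid(local, "Alice <alice@home.invalid>", None)
        added_without_secret = True
    except PermissionError:
        added_without_secret = False
    return {"local": bound_uids(local),
            "keyserver": bound_uids(keyserver_copy),
            "added_without_secret": added_without_secret}


if __name__ == "__main__":
    print(demo())
```

Running demo() leaves the local keyring with one bound user ID, the earlier-fetched copy with two (the "deleted" ID still verifies there, which is dkg's keyserver caveat), and adduid refusing to proceed without the secret.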