Question for app developers, like Enigmail etc. - Identicons

Ben McGinnes ben at adversary.org
Sun Jun 4 11:50:08 CEST 2017


On Sun, Jun 04, 2017 at 11:21:33AM +0200, Stefan Claas wrote:
> Hi,
> 
> I'd like to ask application developers if it's possible to implement,
> in the future, identicons like for example Bitmessage has?
> 
> https://github.com/jakobvarmose/go-qidenticon

It's possible, but it's highly unlikely that anyone would bother
creating what is essentially Gravatar for GPG.

Especially since the protocol already supports key owners including a
picture with their key.  Most people don't do that either.

> The reason why I ask: I started to use Thunderbird with Enigmail, and
> Enigmail always shows me Untrusted Good Signature with a 32-bit key ID
> when I have not carefully verified the person's pub key and --lsign'ed
> the pub-key. Showing only the long key ID or the complete fingerprint
> is imho more difficult to quickly memorize than an additional shown
> identicon (computed from the fingerprint).

You shouldn't need to memorise it.  In Enigmail you can create rules
for addresses to link to preferred keys, as well as set whether or not
to encrypt all messages or just sign and so on.  Most MUAs which
support GPG provide some method of doing this and GPG itself supports
that function with group lists in the gpg.conf file.

If the version of GPG you have installed supports it, you should
probably add this to your gpg.conf:

    trust-model tofu+pgp
    tofu-default-policy unknown

That will gradually build a more practical web-of-trust which keeps
track of seen keys for you.

> P.S. With scallion it took me only seconds/or a minute to generate
> a fake pub-key with the same 32bit key id, on my old notebook.

Yes, this has been possible for a long time now.  Most people use a
64-bit view for that reason.  This is now the default view in GPG 2.1,
along with displaying the full fingerprint.  If you do not have GPG
2.1.x installed, such as if you're using GPGTools on OS X or GPG4Win,
then add "keyid-format 0xLONG" to your gpg.conf file.


Regards,
Ben
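
An added example, not part of the original message: a keyring audit that shows why the 64-bit view helps, by grouping primary-key fingerprints from `gpg --list-keys --with-colons` output by their trailing 32 and 64 bits. The listing, fingerprints and user IDs below are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the format of `gpg --list-keys --with-colons`.
# Two of the made-up fingerprints end in the same 32 bits (DEADBEEF).
SAMPLE = """\
pub:-:4096:1:89ABCDEFDEADBEEF:1496570000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFDEADBEEF:
uid:-::::1496570000::0000::Alice (constructed) <alice@example.org>:
sub:-:4096:1:1111111122222222:1496570000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111122222222:
pub:-:2048:1:76543210DEADBEEF:1496570100:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210DEADBEEF:
uid:-::::1496570100::0000::Alice (constructed) <alice@example.org>:
pub:-:4096:1:CCDDEEFFCAFEF00D:1496570200:::-:::scESC:
fpr:::::::::00112233445566778899AABBCCDDEEFFCAFEF00D:
uid:-::::1496570200::0000::Bob (constructed) <bob@example.org>:
"""

def parse_primary_keys(listing):
    """Return [(fingerprint, first_uid)] for each primary key in a colon listing."""
    keys, last = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last = f[0]
        elif f[0] == "fpr" and last == "pub" and len(f) > 9:
            keys.append([f[9].upper(), ""])   # field 10 holds the fingerprint
        elif f[0] == "uid" and len(f) > 9 and keys and not keys[-1][1]:
            keys[-1][1] = f[9]                # field 10 holds the user ID
    return [tuple(k) for k in keys]

def collisions(keys, bits):
    """Group keys by the low `bits` of the fingerprint (the key ID for v4 keys)."""
    groups = defaultdict(list)
    for fpr, uid in keys:
        groups[fpr[-bits // 4:]].append((fpr, uid))
    return {kid: ks for kid, ks in groups.items() if len(ks) > 1}

def report(listing):
    keys = parse_primary_keys(listing)
    lines = []
    for bits in (32, 64):
        for kid, ks in sorted(collisions(keys, bits).items()):
            lines.append(f"{bits}-bit key ID 0x{kid} is shared by {len(ks)} keys:")
            lines += [f"    {fpr}  {uid}" for fpr, uid in ks]
    return lines or ["no key ID collisions found"]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

To audit a real keyring, pass the output of `gpg --list-keys --with-colons` to `report()` in place of `SAMPLE`.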