New smart card / token alternative

vedaal at vedaal at
Wed Nov 8 16:27:08 CET 2017

On 11/7/2017 at 12:10 PM, "Peter Lebbing" <peter at> wrote:

>How exactly can the identity ever be unknown when we're talking 
>about stuff encrypted to an OpenPGP public key or signed by one? That's a
>completely unique identifier!


 Well, if someone were really *crazy enough* he could send the PGP encrypted message using --throw-keyid to all email sites listed on PGP keyservers ... (i hope no one is *that* crazy ... ;-)   )

or, more practically, just post anonymously to a blog or website, using --throw-keyid,
with a pre-arranged understanding that the sender and receiver post to and check certain websites

This could be facilitated by Tails/Tor, although there are still some vulnerabilities:


More information about the Gnupg-users mailing list