Garbled data in keyservers

Stefan Claas stefan.claas at
Thu Dec 6 14:05:37 CET 2018

On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote:
> On Thu,  6 Dec 2018 10:22, stefan.claas at said:
> > As long as we have the option to add additional UID's  to a key my  
> You can't add an UID to a key without having a signature from the
> primary key.  If the keyservers accept that any OpenPGP implementation
> will simply skip such an UID.

Understood. Please check this example, a key with with plenty of data,
which only needs to be extracted.

> > People then would only need a little program to dearmor and
> > extract the data from that key UID's.  
> But they can't search for it on public servers.  Thus there is no gain
> here.  If you require a dedicated program anyway, that program can
> anyway consult one of the Tor hidden servers.  But no search engine
> will show it.

That's right, but my thought is / was someone can (ab)use key servers
as data storage / retrieval system and then only provides the key id
in a link.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
URL: <>

More information about the Gnupg-users mailing list