Comparison of RSA vs elliptical keys

Stefan Claas sac at
Fri May 15 02:07:35 CEST 2020

Andrew Gallagher wrote:
> > On 14 May 2020, at 23:42, Stefan Claas <sac at> wrote:
> > 
> > When you work in compliance mode it should be IHMO possible that
> > people wishing to communicate with you (from foreign countries) and
> > may have a different opinion about privacy, GnuPG should accept
> > such public keys, without using extra parameters and that you can
> > easily add them to your key ring, with a simple label, thus not
> > revealing the identity of them, in case your computer or smartphone
> > gets later compromised or is searched at an airport etc.
> So your device is compromised by the feds and you’re worried about
> your gpg keyring leaking contact information, but not your inbox or
> your address book? And how does your encryption system work if it
> doesn’t maintain a mapping between email IDs and keys? I’m not
> convinced this threat model has been fully thought through. 

Good question!

First of all I do not keep an address book on my computer
nor on my smartphone and I use not only simple smpts channels.

Regarding the mapping of email IDs and keys. When I use labels
for my keys, in my keyring, it contains only simple stuff like a
nickname for example, because the peoples email addresses I know
also without using GnuPG, hence I use command line mode and no
common plug-ins. I do not say that people should follow
this procedure, but like I previously said GnuPG should allow
such an option. I am also used to use other communication
channels, beside standard smpts, where this works too.

I don't know if you, for example, knows RSA public key encryption
before PGP was invented. There was no such things like key-IDs
email mappings etc. and people lived with it, while using email.

If you check out GitHub, GitLab etc. for public key encryption
software you will rarely find tools, if any, which use the same
email, key-ID mapping approach GnuPG uses. and people do not
complain about it.

And last but not least, GnuPG is a very flexible tool with
many many command line parameters, so why not allow this option
too for users, wishing to use UID-less public keys?

I see no harm in it, only an enrichment in it's feature set.


Signal (Desktop) +4915172173279

More information about the Gnupg-users mailing list