keys require a user-id

Stefan Claas sac at
Tue May 19 17:22:18 CEST 2020

Robert J. Hansen wrote:
> > With the freeform approach, when I would have to use (auto)
> > generated random chars or the fingerprint then I would have
> > problems memorizing if this was your, dkg's or Werner's public
> > keyblock and it could be also more error prone (typos), when using
> > this method, in CLI mode.
> --group {name=value}
>         Sets up a named group, which is similar to aliases in email
>         programs. Any time the group name is a recipient (-r or
>         --recipient), it will be expanded to the values specified.
>         Multiple groups with the same name are automatically merged
>         into a single group.
>
>         The values are key IDs or fingerprints, but any key
>         description is accepted. Note that a value with spaces in it
>         will be treated as two different values. Note also there is
>         only one level of expansion --- you cannot make an group that
>         points to another group. When used from the command line, it
>         may be necessary to quote the argument to this option to
>         prevent the shell from treating it as multiple arguments.
>
> The feature you want, GnuPG already has.  If my certificate had no
> email address listed, you could put
> 	group rjh at
> ... and then whenever you asked GnuPG to encrypt something for
> rjh at, GnuPG would silently substitute my certificate.

Thanks for the info, I was not aware of it.

> So let's recap:
> * PII-free UIDs are possible today
> * Nobody is forced to put PII in a UID
> * Certificates can be relabeled with the 'group' option
> It really seems like after all this discussion the only thing left is
> you think GnuPG ought do a better job documenting how to create a
> PII-free UID.  And if you can get the community to back you on that
> I'll draft it myself.

I doubt that I can get the community to back this ... But thanks for
the offer.


Signal (Desktop) +4915172173279
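
An added example, not part of the original messages and not GnuPG's own code: a small audit helper that reads `group` lines from a gpg.conf and reports what each alias resolves to under the rules in the man page excerpt quoted above (same-name merge, whitespace splitting, one level of expansion). The sample config, alias names and fingerprints are constructed placeholders, and exact-match group names plus the hex-length check are assumptions of this sketch.

```python
import re

# Constructed placeholder fingerprints (not real keys).
FPR_A, FPR_B, FPR_C = "A" * 40, "B" * 40, "C" * 40

# Constructed sample gpg.conf: memorable labels for certificates without PII UIDs.
SAMPLE_CONF = f"""\
# labels for certificates whose UIDs carry no name or address
group alice={FPR_A}
group team=alice {FPR_B}
group team={FPR_C}
group bob=Bob Example
"""

def parse_groups(conf_text):
    """Collect 'group name=value ...' lines; same-name groups are merged."""
    groups = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(?:--)?group\s+([^=]+?)\s*=\s*(.*)$", line)
        if m:
            # Values are split on whitespace, so "Bob Example" becomes two values.
            groups.setdefault(m.group(1), []).extend(m.group(2).split())
    return groups

def expand_recipient(recipient, groups):
    """One level of expansion only: the resulting values are not looked up again."""
    return list(groups.get(recipient, [recipient]))

def audit(groups):
    """Flag values worth reviewing before trusting an alias for encryption."""
    hexid = re.compile(r"^(0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$")
    findings = []
    for name, values in groups.items():
        for v in values:
            if v in groups:
                findings.append((name, v, "names another group; not expanded"))
            elif not hexid.match(v):
                findings.append((name, v, "key description, not an ID or fingerprint"))
    return findings

if __name__ == "__main__":
    g = parse_groups(SAMPLE_CONF)
    print(expand_recipient("team", g))
    for finding in audit(g):
        print(finding)
```

Because a group silently substitutes certificates for the name typed on the command line, pinning each alias to a full fingerprint and reviewing the flagged entries keeps the label from resolving to an unintended key.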

More information about the Gnupg-users mailing list