Public Keyring Security

Robert J. Hansen rjh at
Mon May 25 09:06:09 CEST 2020

> Obviously I know you can install it on an encrypted volume (depending on
> your OS) but was curious if the program or even the "pgp standard" took
> that into consideration or am I just too bored and it's a stupid idea?

The OpenPGP standard dates back to the mid-1990s, when PGP 3 was first
being considered.  (It was never released: the next version of PGP was
actually PGP 5.)  Our understanding of the risks of metadata has
evolved significantly since then: it's possible that if OpenPGP were
being designed fresh today on a clean sheet of paper there would be some
mechanism in place to obscure or conceal metadata.

Which is, of course, another way of saying that at present OpenPGP is
completely silent on this subject.  If you want your public keyring to
be a confidential secret, the way to do that is to store it on an
encrypted file system.

