ping - Governikus
andrewg at andrewg.com
Tue Nov 3 01:06:38 CET 2020
> On 2 Nov 2020, at 19:55, Stefan Claas <spam.trap.mailing.lists at gmail.com> wrote:
> On Mon, Nov 2, 2020 at 7:12 PM Stefan Claas
> <spam.trap.mailing.lists at gmail.com> wrote:
>> I think a solution to this problem could be PBKDF2 hashed data
>> in the UID, but developing an OpenPGP certifying workflow could
>> be a bit tricky.
> To be more precise, the name 'Stefan Claas' would still be readable in the
> UID but the additional hashed data would be displayed as a hash, like in
> the code example, and it would have hashed additional data from my ID-card.
> Because the other Stefan Claas would not have the same hash string in the
> UID this could be a working solution.
Aha, so what you’re looking for is a signature over a nonced, hashed ID but without the plaintext ID being attached - in which case do you even need the plaintext “real name” at all? After all, if there are only two Stefan Claases in Germany you’ve already leaked far too much information for the subterfuge to be worth the effort. What’s the use case?
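
The scheme discussed in this thread (a readable name plus a nonced PBKDF2 hash of ID-card data in the UID) can be sketched as follows. This is an added example, not code from either poster or from GnuPG; the UID comment layout, the `pbkdf2-sha256:` tag, the iteration count, the field names and the sample card values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import unicodedata

ITERATIONS = 200_000        # assumed work factor, not taken from the thread
PREFIX = "pbkdf2-sha256:"   # hypothetical tag for the UID comment field

def canonical(id_fields):
    """Serialise ID-card fields deterministically (sorted keys, NFC, UTF-8)."""
    lines = [f"{k}={id_fields[k]}" for k in sorted(id_fields)]
    return unicodedata.normalize("NFC", "\n".join(lines)).encode("utf-8")

def commit(id_fields, nonce=None):
    """Return (nonce, digest). The nonce stays with the key owner: ID data is
    low-entropy, so without a secret nonce the hash could be guessed offline."""
    if nonce is None:
        nonce = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", canonical(id_fields), nonce, ITERATIONS)
    return nonce, digest

def make_uid(name, digest):
    """Readable name, with the hash carried in the comment part of the UID."""
    return f"{name} ({PREFIX}{digest.hex()})"

def verify(uid, id_fields, nonce):
    """Certifier's check: recompute from the ID card shown and the disclosed nonce."""
    start = uid.rfind("(" + PREFIX)
    if start == -1 or not uid.endswith(")"):
        return False
    try:
        claimed = bytes.fromhex(uid[start + 1 + len(PREFIX):-1])
    except ValueError:
        return False
    _, digest = commit(id_fields, nonce)
    return hmac.compare_digest(claimed, digest)

# Constructed sample data: two people with the same name, different ID cards.
CARD_A = {"name": "Stefan Claas", "doc_no": "T00000001", "dob": "1970-01-01"}
CARD_B = {"name": "Stefan Claas", "doc_no": "T00000002", "dob": "1980-02-02"}

if __name__ == "__main__":
    nonce, digest = commit(CARD_A)
    uid = make_uid("Stefan Claas", digest)
    print(uid)
    print("card A verifies:", verify(uid, CARD_A, nonce))
    print("card B verifies:", verify(uid, CARD_B, nonce))
```

The certifier would sign the UID only after `verify` succeeds against the physical ID card; anyone who later learns the nonce and the ID data can repeat the check, and nobody else can link the hash to the card.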