hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Wed Mar 9 14:11:16 CET 2011


On 9/03/11 2:44 AM, Johan Wevers wrote:
> MFPA schreef:
> 
>>>> Something that would not be necessary if the
>>>> underlying openPGP implementations could handle hashed
>>>> user IDs.
>>
>>> Isn't it much easier to use the key ID / signature for
>>> that? You already have that.
>>
>> I don't understand.
> 
> Use the keyID / signature as the hashed user ID, since it (should)
> uniquely identify the key. Since a hash is one way you can't derive
> the email address from it anyway, from the keyID you also can't
> (directly) deduce the email address.

Ah, but the keyID can already be used to locate a key, that's not what
MFPA is getting at.  What he wants is a function built into GPG and
the keyservers, possibly via some kind of proxy tool, to do this:

* User generates a key, when prompted for a name enters "Joe Citizen"
  and when prompted for an email address enters "joe at example.net"

* GPG or interface for it takes those strings and generates a hash
  (let's use SHA256 for this example) so the UID for the key appears
  to be:
  "7b7581fe6670a6a4a29b2fd46eaf5ac34a6a86d134fe8931729e66970b707349
  <466ffe71badce782db1808ee80bd01dabf0d95e4a3b8ccbbe5fcdc68b86c2bb9>"

* Anyone trawling through keys on a public server or downloading
  random keys cannot see who owns that key or what their email address
  is, but anyone who knows Joe or his email address can search the
  keyservers for that data because the hash can be calculated from the
  data they do have (e.g. joe at example.net) and search for the key with
  the matching hash.

This would allow someone to use a single key for multiple identities
or pseudonyms, without the information about those identities being
learned by different groups.  Well, probably not.

Personally, I think it's an interesting idea and I can see the value
in it, but I'm not sure there are enough people really pushing for it
(yet).  With things like the data retention legislation being pushed
in Europe, Australia and other countries, that may change.

Not that Werner has to worry since he's in Germany and they ruled that
the data retention legislation was unconstitutional.  Another reason
why we all love Germany now.  ;)


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110310/44dcc07c/attachment-0001.pgp>


More information about the Gnupg-users mailing list