hashed user IDs [was: Re: Security of the gpg private keyring?]
Ben McGinnes
ben at adversary.org
Fri Mar 11 07:44:57 CET 2011
On 11/03/11 7:44 AM, Daniel Kahn Gillmor wrote:
>
> If you want to keep the fact that one keyholder has verified another
> keyholder's identity secret, you cannot solve that by obscuring the
> User IDs.
>
> The right way to solve that is with non-exportable OpenPGP
> certifications, which must be passed between users explicitly.
Ah, this is what I've been looking around for! For the sake of the
archives, how does one provide a non-exportable certification?
Obviously the export flag won't cut it.
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110311/538d48fb/attachment-0001.pgp>
More information about the Gnupg-users
mailing list