On Tue, Nov 3, 2020 at 12:10 AM Andrew Gallagher <andr...@andrewg.com> wrote: > > > > On 2 Nov 2020, at 19:55, Stefan Claas <spam.trap.mailing.li...@gmail.com> > > wrote: > > > > On Mon, Nov 2, 2020 at 7:12 PM Stefan Claas > > <spam.trap.mailing.li...@gmail.com> wrote: > > > >> I think a solution to this problem could be PBKDF2 hashed data > >> in the UID, but developing an OpenPGP certifying workflow could > >> be a bit tricky. > >> > >> https://www.freecodeformat.com/pbkdf2.php > > > > To be more precise, the name 'Stefan Claas' would be still readable in the > > UID but the additional hashed data would be displayed as a hash, like in > > the code example and it would have hashed additional data from my ID-card. > > > > Because the other Stefan Claas would not have the same hash string in the > > UID this could be a working solution. > > Aha, so what you’re looking for is a signature over a nonced, hashed ID but > without the plaintext ID being attached - in which case do you even > need the plaintext “real name” at all? After all, if there are only two > Stefan Claases in Germany you’ve already leaked far too much information for > the subterfuge to be worth the effort. What’s the use case?
As we know OpenPGP compatible public key cryptography usually requires a UID, whether the ones we are used to or a freeform UID. My goal is to have a CA certified pubkey with only one UID and without an email address, so that the key pair can be universally been used, besides classic email, ie. Fax, Telephone, Radio, Blog post discussions, Bitmessage, File Transfer, Postcards, Letters, Social Media chats, Messengers and what not which all do not require an email address. In case of email it should be possible to use it for multiple email accounts or if email accounts change, to not edit the key or create a new key. Simply said, a certified multipurpose OpenPGP key for long term usage. Why the included Name and hash string? GnuPG users, I assume, are used to public keys including a name in the UID, for their keyring management and selecting keys with their MUA/NUA plug-ins. Since we mentioned that it can happen that many people bear the same name I thought/think it could be useful for certifying purposes that an additional hash string, composed from additional ID-card data, which can't be easily reversed, would be useful. Let's assume the following ... In case gnupg.com would expand their business and would also run a CA, I could simply send them per postal mail a CD, containing my pub key, with my name and the hash string and a photo of my ID-card. They simply could then compare the name on the key and photo plus in case of many Stefan Claases they could also verify the hash string by rehashing the data which I hashed from my ID-card, thus guaranteeing to third parties with their CA sig. that this universal public key, without an email address, belongs to me and not the other Stefan Claas. In case this would be not enough proof for the CA I could include on the CD an additional eIDAS signed .pdf document, including the fingerprint of my pub key. I also think that maybe many people would like to have a CA certified universal OpenPGP public key, without an email address. Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
