Exporting Public Keys without Signatures?

Martin's Avatar

Martin

05 Oct, 2013 09:33 PM

I get sometimes asked not to upload my public key(s) with signatures from other GPG users, apparently they want to avoid that their social graph can get easily mapped through key server data.

GPG (and GPG Keychain Access) seem to export public keys with signatures by default, so is uploading public keys with signatures really an issue? What's about the Web of Trust if you upload public keys without signatures?

(And is there an option in GPG Keychain Access to export public keys without signatures? (Like gpg --export --export-options export-minimal on the command line.)

  1. Support Staff 1 Posted by Luke Le on 31 Oct, 2013 02:15 PM

    Luke Le's Avatar

    Hi Martin,

    while the request is valid, it does indeed break the Web Of Trust. I don't think it's that "easy" to re-produce the social graph, but of course it's possible.

    GPG Keychain Access doesn't currently provide this option, but if more user request it, we'll add this feature.

    I've added a ticket where you can track progress:
    https://gpgtools.lighthouseapp.com/projects/65684-gpg-keychain-acce...

  2. Steve closed this discussion on 31 Oct, 2013 02:22 PM.

  3. martinsteiger re-opened this discussion on 01 Nov, 2013 05:12 PM

  4. 2 Posted by martinsteiger on 01 Nov, 2013 05:12 PM

    martinsteiger's Avatar

    Hi Luke,

    Thanks!

    Since there is no undo for an export to a key server, an export without
    signatures or at least a clear warning would actually seem to be a
    reasonable default. If you are serious about your GPG usage, you will have
    received many signatures and a substantial part of your address book would
    therefore be in the public. In addition, signatures contain personal data
    of other users, i.e., is is at least not clear if they agree that their
    signatures get public exposure.

    Best regards, Martin

  5. Support Staff 3 Posted by Steve on 02 Nov, 2013 02:17 PM

    Steve's Avatar

    All true and valid points. The ticket does exist. The downside is: this somewhat breaks the "web of trust".

    But it would be a good option to have.

  6. Steve closed this discussion on 02 Nov, 2013 02:17 PM.

  7. Steve closed this discussion on 25 Apr, 2017 08:57 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac