or Create a profile

Home Stable

Exporting Public Keys without Signatures?

Martin's Avatar

Martin

05 Oct, 2013 09:33 PM

I get sometimes asked not to upload my public key(s) with signatures from other GPG users, apparently they want to avoid that their social graph can get easily mapped through key server data.

GPG (and GPG Keychain Access) seem to export public keys with signatures by default, so is uploading public keys with signatures really an issue? What's about the Web of Trust if you upload public keys without signatures?

(And is there an option in GPG Keychain Access to export public keys without signatures? (Like gpg --export --export-options export-minimal on the command line.)

  1. Support Staff 1 Posted by Luke Le on 31 Oct, 2013 02:15 PM

    Luke Le's Avatar

    Hi Martin,

    while the request is valid, it does indeed break the Web Of Trust. I don't think it's that "easy" to re-produce the social graph, but of course it's possible.

    GPG Keychain Access doesn't currently provide this option, but if more user request it, we'll add this feature.

    I've added a ticket where you can track progress:
    https://gpgtools.lighthouseapp.com/projects/65684-gpg-keychain-acce...

  2. Steve closed this discussion on 31 Oct, 2013 02:22 PM.

  3. martinsteiger re-opened this discussion on 01 Nov, 2013 05:12 PM

  4. 2 Posted by martinsteiger on 01 Nov, 2013 05:12 PM

    martinsteiger's Avatar

    Hi Luke,

    Thanks!

    Since there is no undo for an export to a key server, an export without
    signatures or at least a clear warning would actually seem to be a
    reasonable default. If you are serious about your GPG usage, you will have
    received many signatures and a substantial part of your address book would
    therefore be in the public. In addition, signatures contain personal data
    of other users, i.e., is is at least not clear if they agree that their
    signatures get public exposure.

    Best regards, Martin

  5. Support Staff 3 Posted by Steve on 02 Nov, 2013 02:17 PM

    Steve's Avatar

    All true and valid points. The ticket does exist. The downside is: this somewhat breaks the "web of trust".

    But it would be a good option to have.

  6. Steve closed this discussion on 02 Nov, 2013 02:17 PM.

  7. Steve closed this discussion on 25 Apr, 2017 08:57 PM.

Comments are currently closed for this discussion. You can start a new one.

  • New Issue

  • Conversation Started

  • The discussion is closed

    No more actions from GPGTools or the discussion starter are required.

    #202 state: closed

  • Re-open the discussion

Private Permissions

This discussion is private. Only you and GPGTools support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

03 Aug, 2022 04:22 PM Cannot download GPGMail software
15 Jul, 2022 12:29 AM cannot upload existing public keys to hockeypuck key servers
10 Jul, 2022 03:42 PM General Question: What is the state of the GPG keyservers ecosystem?
08 Jul, 2022 09:31 PM visual indicator about expired subkey in GPG Keychain
29 May, 2022 02:18 AM 0902496371

Recent Articles

How to decrypt and verify text or files with GPG Services?
Add more email addresses (user IDs) to your existing key
Key Server
GPG Mail can't decrypt message
Extend Key or Subkey