[guardian-dev] meta data in OpenPGP and GnuPG

Hans-Christoph Steiner hans at at.or.at
Fri Dec 16 02:06:13 EST 2011


I found a good reference on the types of meta data in gpg keys and sub keys (gpgme is a "GPG Made Easy", a simplified library interface for GPG):

http://www.gnupg.org/documentation/manuals/gpgme/Key-Management.html#Key-Management

.hc

On Dec 14, 2011, at 4:30 PM, Hans-Christoph Steiner wrote:

> 
> Hey Harlo,
> 
> I'm not sure if you're on the oi2-dev list, so I cc'ed you.  Just a quick follow up on our discussion on GnuPG meta data.  I think we covered the standard, public meta data that is in OpenPGP keys and encrypted files, but there might be other information that is only really exposed via lower level interfaces like libgcrypt or even the guts of gpg.
> 
> For the PSST project, having knowledge of all possible meta data is mostly needed to think about how to manage what is leaked where and when.  One of the PSST goals is to have a "paranoid" mode where the info in OpenPGP keys, files, and communications has as little info included as possible.
> 
> For a next step, I was thinking that we should start cataloging the OpenPGP meta data somewhere.  We could put it on the Guardian wiki, perhaps in its own section since it is really a cross-project general resource.
> 
> .hc
> 
> 
> ----------------------------------------------------------------------------
> 
> Looking at things from a more basic level, you can come up with a more direct solution... It may sound small in theory, but it in practice, it can change entire economies.     - Amy Smith
> 
> 



----------------------------------------------------------------------------

Using ReBirth is like trying to play an 808 with a long stick.    -David Zicarelli




More information about the Guardian-dev mailing list