Mailing List Archive: GnuPG: users

asymmetry of 'adduid' and 'deluid'

Index | Next | Previous | View Threaded

vedaal at nym

Jul 24, 2012, 6:58 AM

Post #1 of 5 (225 views)
Permalink

asymmetry of 'adduid' and 'deluid'

Recently added a uid and deleted a uid to one of my keys.

Found that to add a uid, gnupg asks for the passphrase, but to
delete a uid, it does not.

(Doesn't really matter much, since the secret key is required for
both,
but was curious if there is any underlying reason why gnupg does it
this way.)

vedaal

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

dkg at fifthhorseman

Jul 24, 2012, 7:08 AM

Post #2 of 5 (226 views)
Permalink

Re: asymmetry of 'adduid' and 'deluid' [In reply to]

On 07/24/2012 09:58 AM, vedaal [at] nym wrote:
> Recently added a uid and deleted a uid to one of my keys.
>
> Found that to add a uid, gnupg asks for the passphrase, but to
> delete a uid, it does not.
>
> (Doesn't really matter much, since the secret key is required for
> both,
> but was curious if there is any underlying reason why gnupg does it
> this way.)

possession of the secret key is not required for deluid, actually.

look at it this way:

deluid is just an edit of your local keyring -- it removes a handful of
packets (note that if the key is already on the public keyservers or
someone else has a copy, they will still have the user ID that you deleted).

adduid, on the other hand, requires the creation of a new cryptographic
signature: the self-sig made by the primary key over the user ID. To
create this self-sig, gpg needs access to the secret key material for
the associated primary key.

make sense?

hth,

--dkg

Attachments:

signature.asc (1.01 KB)

dshaw at jabberwocky

Jul 24, 2012, 7:10 AM

Post #3 of 5 (224 views)
Permalink

Re: asymmetry of 'adduid' and 'deluid' [In reply to]

On Jul 24, 2012, at 9:58 AM, vedaal [at] nym wrote:

> Recently added a uid and deleted a uid to one of my keys.
>
> Found that to add a uid, gnupg asks for the passphrase, but to
> delete a uid, it does not.
>
> (Doesn't really matter much, since the secret key is required for
> both,
> but was curious if there is any underlying reason why gnupg does it
> this way.)

To add a UID, GnuPG needs to generate a binding signature from the primary key. To generate a signature, we of course need the passphrase. To delete a UID, GnuPG just needs to throw away packets. No signature needed, so no passphrase needed.

Note that to revoke (rather than delete) a UID involves making a signature as well, and will also require a signature.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

wk at gnupg

Jul 24, 2012, 7:15 AM

Post #4 of 5 (226 views)
Permalink

Re: asymmetry of 'adduid' and 'deluid' [In reply to]

On Tue, 24 Jul 2012 15:58, vedaal [at] nym said:

> Found that to add a uid, gnupg asks for the passphrase, but to
> delete a uid, it does not.

For “adduid” we need to a create a user-id binding signature
(self-signature) and thus need the secret key and in turn the
passphrase.

“deluid” simply removes the user-id, its self-signature, and its key
signatures. No need for any crypto operations.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

mika.henrik.mainio at hotmail

Jul 25, 2012, 1:07 AM

Post #5 of 5 (221 views)
Permalink

Re: asymmetry of 'adduid' and 'deluid' [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 24.07.2012 16:58, vedaal [at] nym wrote:
> Recently added a uid and deleted a uid to one of my keys.
>
> Found that to add a uid, gnupg asks for the passphrase, but to
> delete a uid, it does not.
>
> (Doesn't really matter much, since the secret key is required for
> both, but was curious if there is any underlying reason why gnupg
> does it this way.)

I'm not sure, but this might be because deleting uid isn't permanent
if you sync the key from keyserver.

1. Create UID.
2. Push key to keyserver.
3. Delete UID.
4. Get key from keyserver.
5. The deleted UID appears.

You should use command revuid, if you want to revoke UID.

- --
Mika Suomalainen

NOTICE! I am on mobile broadband with very limited time, so I cannot
read emails very much.
The best time to contact me is probably weekends when I have better
connectivity with good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Public key: http://mkaysi.github.com/PGP/key.txt
Comment: Fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
Comment: Why do I (clear)sign emails? http://git.io/6FLzWg
Comment: Please remove PGP lines in replies. http://git.io/nvHrDg
Comment: Charset of this message should be UTF-8.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJQD6lSAAoJEE21PP6CpGcolsYP/jvQ/OmQ2HqekfnUWPe+kHU5
h3FGdH1zLAQXq5mm41GpNi2ClnDHjridH4cbwHMlB+36SLcxHyHXMCX/Has6r0+z
AIPlT9hkhe840w2tnFdZIgXPgoz4rNEZ2YV+TUWxjTm/Rs8ViIObtU66zyCe36a+
VoMKpMHmrGcAQdLw1JGWVAOYtGaHcz5xhdMAZoT935t3O7irdnlO3nmabMMUcLXV
8BdPAXCQdaUSUNbui3riLwMUC449Jx8hbM2hLNK21iOIZclVz9Wf0TLo1PhEh0TC
UK/cyHos29DGm8oVEhlwTxh6m58uzAI7mAU3yOPPPKw5TzFJwNSzOW3QRZhWD16D
iH6WaLOViHC+4ipZurac+6cTbHeWSAm4NV6AC/OZPkvCOCgP+gDERtAZJn+wbBBm
jyPmcVWRpppF2pAs+NMytNO2mD2HPO88X4F09msALKx5IKxWzobiv+wnbQnAI/q4
kMW8O3IVn+qg4+Jhylg7J++CdvCvdr9tAhwQigntNgzmidSZTJjwKCGpmprPkpTX
Yw44qymelrhx0SObjjjsrh7wX6YcENuGOsldqtjQRUD8RjAPtqe6ULsYDuCa3ZKC
ZOJwjbcTVYBtqC//lPHyGhWufxCq67lpQ1MNyBUF1s4pONKOuScJc3dOu3QuAGM+
sM5vXEhK2uDAaATovvtT
=MMai
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads