On Mon, 10 Dec 2018 14:25:08 +0100, Wiktor Kwapisiewicz wrote: Hi Wiktor, > That's an interesting idea, it seems GnuPG has some support for sending keys > via > e-mail.
> By the way validation of keys sent from e-mail would require DKIM as it's easy > to spoof "From" (that's why most solutions send verification e-mails to the > e-mail address instead of receiving it). Yes, it seems it would be a good start. However, if unwanted data can then be still submitted remains to bee seen, because what if anonymous email services would use DKIM too? As per Werner's suggestion to make only the fingerprint available for (Web/API) searches, is also a thing, because like i previously said a list of fingerprints for example can still be generated and uploaded with a description of a file name, so that users only need to use a one line like that: fp=0x1E2CE500D7C6ACD8D41DABAB73253A1F090C53B6 gpg --recv-key $fp | gpg --export $fp > key.asc && gpg --list-packets key.asc |\ grep -e '^:user ID packet: "[[:digit:]]'|sed -e 's/^:user ID packet: "//' |\ sort -n | sed -e 's/^[^@]*@//'| tr -d '"\015\012' | fold -w 76 | base64 -d > Kristian.jpg And i tried also a modified version of the github program (uploading disabled) and it is pretty fast imho for generating jpg image content keys. For other binary stuff it is slow. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users