Hi
On Saturday 3 May 2014 at 2:08:35 AM, in <mid:20140502200835.2cb51...@bigbox.christie.dr>, gn...@tim.thechases.com wrote:

> However, after adding multiple uids and emailing an
> encrypted test message from the new UID
> (w...@example.com), I noticed that Claws Mail reported
> that it had been signed by "h...@example.name" instead
> of "w...@example.com",

The email client will have told GnuPG to search for a key with a UID containing <w...@example.com>, which it found. I suspect <h...@example.name> was reported by the email client as the signing identity due to being set as the default UID.

Anybody could look at the key using GnuPG or something like PGPdump and see all the IDs. In fact, simply checking the signature with GnuPG should display something like:

gpg: Good signature from "... <h...@example.name>" [unknown]
gpg:                 aka "... <w...@example.com>" [unknown]

> In the hope of keeping the entries completely separate, I then tried
[a unique key for each persona]
> This seemed to work as expected, but has the down-side
> that I would have N separate passphrases to
> maintain/remember for each of the N personas. Yes, I
> can make them all the same passphrase, but it would be
> nice if they were all under one master passphrase.

GnuPG can't manage your passphrases for you, but there are various password managers available to do just that.

> So I guess I'm looking for
> 1) something that doesn't leak identities across
> signatures

Not leaking the identity information can be achieved by not putting it in your UIDs. For example, my key has only one UID: "MFPA <a@b.c>"

However, not having the email address in my UID makes it harder for people to use my key. Anybody who receives signed emails that I sent from different addresses can see they were signed with the same key and deduce they are likely to be from the same person. But they cannot look at the key and enumerate what other addresses or names I might use.
> 2) a single passphrase to manage the
> multiple identities

You could use the same password for several keys, or use a password manager such as you might use to remember website login details.

> 3) can be identified by the signing
> email address (Claws seems to make this easy for
> choosing the signing key)

To enable my email client to locate my key by email address, I make use of group lines in my gpg.conf. For example:

group <2014-667rhzu3dc-lists-gro...@riseup.net>=0xA8A90B8EAD0C6E69

For my email client, this only works if the email address in the group line is surrounded by angle brackets. Other people report that they need to omit the angle brackets, and still others report that it does not matter for them.

-- 
Best regards
MFPA                    mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Free advice costs nothing until you act upon it
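As an added illustration (not part of MFPA's message and not GnuPG's own code), here is a small Python parser for gpg.conf group lines that resolves a sending address to key IDs whether the address was written with or without angle brackets, and merges repeated group lines the way gpg documents. The configuration text, addresses and key IDs are constructed sample values.

```python
import re
from typing import Dict, List

# Constructed gpg.conf excerpt (sample addresses and key IDs, not real keys).
# It mixes the <...> form from the post with the bare form other users report.
SAMPLE_GPG_CONF = """\
# group lines map a sending address to the key(s) to use for it
group <alice-work@example.com>=0x1111111111111111
group alice-home@example.org=0x2222222222222222
group <alice-work@example.com>=0x3333333333333333
default-key 0x2222222222222222
"""

# 'group NAME=VALUE [VALUE ...]'; NAME runs up to the first '='.
_GROUP_RE = re.compile(r"^\s*group\s+(?P<name>[^=\s]+)\s*=\s*(?P<values>.*)$")

def normalise_address(name: str) -> str:
    """Canonical lookup key: strip an optional <...> wrapper and lowercase.
    Treating both spellings as equivalent is this example's choice, since the
    post reports that mail clients disagree on which form works."""
    name = name.strip()
    if name.startswith("<") and name.endswith(">"):
        name = name[1:-1]
    return name.lower()

def parse_groups(conf_text: str) -> Dict[str, List[str]]:
    """Map each (normalised) group name to its key IDs, following gpg's
    documented rules: values are whitespace separated and repeated group
    names are merged. Lines starting with '#' are comments."""
    groups: Dict[str, List[str]] = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _GROUP_RE.match(line)
        if not m:
            continue  # e.g. default-key: not a group line
        addr = normalise_address(m.group("name"))
        bucket = groups.setdefault(addr, [])
        for key_id in m.group("values").split():
            if key_id not in bucket:
                bucket.append(key_id)
    return groups

def keys_for_address(conf_text: str, address: str) -> List[str]:
    """Key IDs a mail client could pick for a sending address, whether or
    not gpg.conf wrote that address inside angle brackets."""
    return parse_groups(conf_text).get(normalise_address(address), [])
```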