this pseudonym. If this person's secret keyring were stolen, could person=pseudonym be revealed, based on the key ID? Or would it require knowing the passphrase?
Yes, the person=personna would be revealed. No, a passphrase would not be needed. To demonstrate try "pgp -kv secring.pgp" and see what you get.
I kinda figured that... I was just wondering if maybe the info could be altered, so that the real info can't be figured without getting the passphrase.
I hope this gets fixed in PGP 3.0.
I guess pseudonymity(sp?) wasn't the main concern when PGP was created. I suppose a temporary fix would be to not use an ordinary PGP passphrase, but rather encrypt the whole secring.pgp file. Decrypt it when you need it, and be very careful to properly clean up when you're done. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve@edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6 8C 09 EC 52 44 3F 88 30 | | -- Disclaimer: JMHO, YMMV, IANAL. -- | ===================================================================:)