Neal H. Walfield wrote:
Hi Neal,
I opened issue #508:
Thanks for considering this feature, much appreciated!
Two issues come to mind:
- The sender can't really force the recipient to use a User ID-less key. So, you'll need to somehow establish that convention.
Correct, people usually tell each other, before doing so.
You'll probably want to make sure the recipients are anonymized.
Normally the Key ID is stored in the PKESK packet [1] so that the recipient knows if the message is intended for them, and what key they should use to decrypt it. In gpg you can use `--throw-keyids` to "hide" the recipient. This sets the key id field to 0. Then, to decrypt a message, you'd do trial encryption.
Hiding Key IDs in this way doesn't completely hide the recipient. In particular, the size of the PKESK's payload reveals the size of the public key. That is, a 4k RSA key has a different sized PKESK from a 2k RSA key, and from an ECC key.
I did not thought about the key-id, my thought was only as long as no 3rd party has access to someones key ring it would be sufficient.
People also use sometimes additionally symmetric encryption on top of that, so that the pub keys data is hidden as well.
Best regards Stefan