~sircmpwn/sr.ht-discuss


Adding a PGP key larger than

Details
Message ID
<e92e8a7d8ffb25928a6aba8b2e606c9025ce47e8.camel@runlevel6.org>
DKIM signature
pass
I'm attempting to add my PGP key which is 35_110 bytes, however there
seems to be a limit of 32_768 bytes. Getting the following error:

> Maximum encoded key length is 32768 bytes.

And my key size:

> gpg --armor --export-options export-minimal --export "Gianni Chiappetta" | wc --bytes
> 35110

Is it possible to increase this limit?
Details
Message ID
<CAPDI2KRSG00.OW5BXGFTTBYC@taiga>
In-Reply-To
<e92e8a7d8ffb25928a6aba8b2e606c9025ce47e8.camel@runlevel6.org> (view parent)
DKIM signature
fail
On Fri Apr 16, 2021 at 2:50 PM EDT, Gianni Chiappetta wrote:
> Is it possible to increase this limit?

No. Your key is excessively large in size. What do you have in there?
Details
Message ID
<40ae9a17a2b18b450d7fad7b33d144b766b3ef36.camel@runlevel6.org>
In-Reply-To
<CAPDI2KRSG00.OW5BXGFTTBYC@taiga> (view parent)
DKIM signature
pass
> No. Your key is excessively large in size. What do you have in there?

I have 3 UIDs and a 20kb profile image in the key. I suppose I could
remove/compress the image. However 20kb does seem pretty small for a
photo.
Details
Message ID
<CAPDOC7POT3Q.11GK13OR6VXJA@taiga>
In-Reply-To
<40ae9a17a2b18b450d7fad7b33d144b766b3ef36.camel@runlevel6.org> (view parent)
DKIM signature
fail
On Fri Apr 16, 2021 at 2:59 PM EDT, Gianni Chiappetta wrote:
> I have 3 UIDs and a 20kb profile image in the key. I suppose I could
> remove/compress the image. However 20kb does seem pretty small for a
> photo.

You should not have a photo in your PGP key at all.
Geert Stappers
Details
Message ID
<20210416200511.uytg7twpgpztrhws@gpm.stappers.nl>
In-Reply-To
<CAPDOC7POT3Q.11GK13OR6VXJA@taiga> (view parent)
DKIM signature
missing
On Fri, Apr 16, 2021 at 03:00:11PM -0400, Drew DeVault wrote:
> On Fri Apr 16, 2021 at 2:59 PM EDT, Gianni Chiappetta wrote:
> > I have 3 UIDs and a 20kb profile image in the key. I suppose I could
> > remove/compress the image. However 20kb does seem pretty small for a
> > photo.
> 
> You should not have a photo in your PGP key at all.

Quoting manpage of `gpg`

              adduid Create an additional user ID.

              addphoto
                     Create a photographic user ID. This will  prompt
                     for  a  JPEG file that will be embedded into the
                     user ID. Note that a very large JPEG  will  make
                     for  a  very large key. Also note that some pro‐
                     grams will display your JPEG unchanged  (GnuPG),
                     and some programs will scale it to fit in a dia‐
                     log box (PGP).

              showphoto
                     Display the selected photographic user ID.

              deluid Delete a user ID or photographic user ID.   Note
                     that  it  is  not possible to retract a user id,
                     once it has been send to the public (i.e.  to  a
                     keyserver).  In that case you better use revuid.


To me it says "There are PGP keys with photos"



Groeten
Geert Stappers
-- 
Silence is hard to parse
Details
Message ID
<CAPF3RQPEH4E.2LSPTA7C6SHKC@taiga>
In-Reply-To
<20210416200511.uytg7twpgpztrhws@gpm.stappers.nl> (view parent)
DKIM signature
fail
You can put a lot of things in your PGP key. Doesn't mean you should.
Geert Stappers
Details
Message ID
<20210416213341.kxk5omh2bnxj6xt4@gpm.stappers.nl>
In-Reply-To
<CAPF3RQPEH4E.2LSPTA7C6SHKC@taiga> (view parent)
DKIM signature
missing
On Fri, Apr 16, 2021 at 04:07:21PM -0400, Drew DeVault wrote:
> You can put a lot of things in your PGP key. Doesn't mean you should.

We agree on that.

We probably also agree on raising the limit for PGP key size.


Challenge is what the next size limit should be.


 
Regards
Geert Stappers
-- 
Silence is hard to parse
Details
Message ID
<CAPGY4XRUS67.3RT7G2TU6I85M@taiga>
In-Reply-To
<20210416213341.kxk5omh2bnxj6xt4@gpm.stappers.nl> (view parent)
DKIM signature
fail
On Fri Apr 16, 2021 at 5:33 PM EDT, Geert Stappers wrote:
> We probably also agree on raising the limit for PGP key size.

No, we do not agree on this. The limit stays.
Details
Message ID
<B6C930F1-DE53-41CA-8377-9F292478D4C9@mehdix.org>
In-Reply-To
<CAPF3RQPEH4E.2LSPTA7C6SHKC@taiga> (view parent)
DKIM signature
pass
I have also multiple uids and was planning to add a photo. This is I'd guess a common practice in EU.

How is the current size limit calculated? Are there technical difficulties in increasing the limit? Does having a photo contradict any of sr.ht's goals?
Details
Message ID
<CAPXURYMY0LC.199U6CWBZ4IAG@taiga>
In-Reply-To
<B6C930F1-DE53-41CA-8377-9F292478D4C9@mehdix.org> (view parent)
DKIM signature
fail
On Sat Apr 17, 2021 at 6:41 AM EDT, Mehdi Sadeghi wrote:
> I have also multiple uids and was planning to add a photo. This is I'd
> guess a common practice in EU.
>
> How is the current size limit calculated? Are there technical
> difficulties in increasing the limit? Does having a photo contradict
> any of sr.ht's goals?

Common practice or not, it's not necessary. It dramatically increases
your PGP key size for no reason. We need your PGP key to encrypt
messages to you, and we don't use your picture for anything. I see no
reason to accept a bunch of pictures into our database when all we
really need is your public key.
Details
Message ID
<20210417110626.7f6n5xbxxqtu32om@hoshi>
In-Reply-To
<CAPXURYMY0LC.199U6CWBZ4IAG@taiga> (view parent)
DKIM signature
missing
On 17-04-2021 06:48:57, Drew DeVault wrote:
> On Sat Apr 17, 2021 at 6:41 AM EDT, Mehdi Sadeghi wrote:
> > I have also multiple uids and was planning to add a photo. This is I'd
> > guess a common practice in EU.
> > [...]
> 
> Common practice or not, it's not necessary. [...]

I support this statement.

Mehdi, I don't know where your impression comes from that pictures in GPG keys
are common in the EU, it certainly isn't in my bubble (Germany).
Of course there are always _some_ people who do things just because it's possible.
;-)

Matthias
Details
Message ID
<20210417114829.vgpuk3vil43gjmsw@gabriel.localdomain>
In-Reply-To
<B6C930F1-DE53-41CA-8377-9F292478D4C9@mehdix.org> (view parent)
DKIM signature
pass
On 21-04-17 12:41:04, Mehdi Sadeghi wrote:
> I have also multiple uids and was planning to add a photo. This is I'd guess a common practice in EU.
> 
> How is the current size limit calculated? Are there technical difficulties in increasing the limit? Does having a photo contradict any of sr.ht's goals?

I think this might be the case only if you upload your keys to a
keyserver.

For sr.ht you should use --export-options export-clean, as it only
requires the info necessary for encrypted communication.

--
/Marius Orcsik
Details
Message ID
<65662B39-D202-4377-8877-3325184D3ADB@mehdix.org>
In-Reply-To
<20210417110626.7f6n5xbxxqtu32om@hoshi> (view parent)
DKIM signature
pass
> pictures in GPG keys are common in the EU, it certainly isn't in my bubble (Germany).

Oh, sorry for the vague statement. I meant putting a picture on things like resumes is common practice. However, from the last FOSDEM keysigning I can certainly remember keys with photos.

btw, I'm in the same bubble!
Details
Message ID
<CAG+K25OVqrgY5poHTOh_z=yvDwYfeiu8YVSGA00DjRwxKyfg6Q@mail.gmail.com>
In-Reply-To
<65662B39-D202-4377-8877-3325184D3ADB@mehdix.org> (view parent)
DKIM signature
pass
Hi, I thought I will chime in with my 2 cents.

Mehdi Sadeghi <mehdi@mehdix.org> writes:
> Oh, sorry for the vague statement. I meant putting a picture on things
> like resumes is common practice. However, from the last FOSDEM
> keysigning I can certainly remember keys with photos.

I think there is some confusion on the intended usage of the keys here.

When *you* distribute your keys to others
(as attachment, via keyserver, etc.),
feel free to include whatever
(within reason – don't be rude and hog other people's harddrive space).
These keys can become quite large even without photos
– IIRC when I tried to upload mine to sourcehut,
I also hit the limit before reading about the proper options,
simply because I attended one or two FOSDEM signing parties
and all the signatures have added up.

sourcehut does not really care about web of trust, your photo etc.
The only thing it cares about is "How shall I encrypt e-mail
that I will send to you". Since you are required to state that
explicitly *and* you are already authenticated with the service,
anything else but the public key itself is superfluous.
From that point of view, the current limit is in my opinion well within
reason.

Hope this helps to illustrate the situation somehow 🙂.
--
Jan Staněk – Khardix
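
An added example, not part of any message in this thread: Python that answers "What do you have in there?" for an ASCII-armored public key by tallying bytes per OpenPGP packet type (RFC 4880 packet headers) and comparing the armored length with the 32768-byte limit quoted in the error message. The sample key is constructed from dummy packet bodies (3 UIDs, a roughly 20 kB photo, some signatures), and all function names are this example's own.

```python
import base64
from collections import Counter
LIMIT = 32768  # from the error message quoted in the thread
TAGS = {2: "signature", 6: "public key", 13: "user ID",
        14: "public subkey", 17: "user attribute (photo)"}

def dearmor(text):  # base64 body of an ASCII-armored block -> raw packets
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]  # skip armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):  # yield (tag, total bytes) per packet, RFC 4880 sec. 4.2
    i = 0
    while i < len(data):
        start, b = i, data[i]
        if not b & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if b & 0x40:  # new-format header
            tag, o = b & 0x3F, data[i + 1]
            if o < 192:
                n, i = o, i + 2
            elif o < 224:
                n, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            elif o == 255:
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header
            tag, w = (b >> 2) & 0x0F, 1 << (b & 3)
            if w == 8:  # indeterminate length: packet runs to end of data
                n, i = len(data) - i - 1, i + 1
            else:
                n, i = int.from_bytes(data[i + 1:i + 1 + w], "big"), i + 1 + w
        i += n
        yield tag, i - start

def report(armored):  # -> (armored length, fits under LIMIT, bytes per type)
    sizes = Counter()
    for tag, size in packets(dearmor(armored)):
        sizes[TAGS.get(tag, f"tag {tag}")] += size
    return len(armored), len(armored) <= LIMIT, dict(sizes)

def pkt(tag, body):  # build one constructed new-format packet
    return bytes([0xC0 | tag, 255]) + len(body).to_bytes(4, "big") + body
# Constructed sample, not a real key: dummy bodies, sizes chosen for the demo.
SAMPLE_BIN = (pkt(6, b"k" * 525) + pkt(13, b"u" * 30) * 3
              + pkt(17, b"j" * 20000) + pkt(2, b"s" * 5000))
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
          + base64.encodebytes(SAMPLE_BIN).decode()
          + "-----END PGP PUBLIC KEY BLOCK-----\n")
```

Pass `report()` the same armored text you would paste into the key form. If the "user attribute (photo)" total dominates, note that gpg's `--export-options no-export-attributes` leaves photo IDs out of an export.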