The Call of the Open Sidewalk

From a place slightly to the side of the more popular path


Signed Anonymous Messages

Normally, when you want to be anonymous with OpenPGP, you would send a message encrypted but with no signature. Sometimes you might want to send a series of anonymous messages tied together by the same identity. That is a bit more work but is quite doable using OpenPGP.

The general idea is to create a new OpenPGP identity that is not tied to your real identity in any way. You then use that identity to sign your messages. Since a User ID is mandatory in an OpenPGP identity, you will have to provide a bogus name and email address. Using gibberish would make it hard for others to keep track of the identity, but using something accidentally meaningful can decrease anonymity. It is probably best and easiest to use some random but valid words. Example 1):

Angling Carry <Scrutiny@Bulk>

Your new anonymous OpenPGP identity can be distributed with your first signed message. If that message goes to only a few entities, it can be encrypted. If it is a public message, it can be distributed unencrypted.

The disadvantage of this method is that a compromise of the secret portion of your anonymous identity could tie all of the signed messages back to you. Once you are done sending a particular series of messages, the secret can be destroyed to prevent that possibility.
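The workflow above written as GnuPG commands, as an added example that is not part of the original page. It assumes GnuPG 2.1 or later; the function names are hypothetical, and the separate `GNUPGHOME` directory is an added precaution that keeps the new key out of your regular keyring.

```shell
#!/bin/sh
# Added example: throwaway OpenPGP signing identity in its own keyring.
# Assumes GnuPG 2.1+; the function names are hypothetical.
ANON_UID='Angling Carry <Scrutiny@Bulk>'   # the example User ID from the page

# Create an isolated keyring and a signing-only key with no passphrase.
anon_new() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$ANON_UID" ed25519 sign never
}

# Clearsign file $1 into $1.asc. --local-user makes gpg fail rather than
# fall back to another key if the anonymous one is not in the keyring.
anon_sign() {
    gpg --batch --yes --quiet --local-user "$ANON_UID" \
        --output "$1.asc" --clearsign "$1"
}

# Write the public half to $1; this goes out with the first signed message.
anon_export() {
    gpg --batch --yes --armor --output "$1" --export "$ANON_UID"
}

# Recipient side: import public key $1 into a scratch keyring, verify $2.
anon_verify() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    rc=1
    if gpg --batch --quiet --import "$1" 2>/dev/null &&
       gpg --batch --quiet --verify "$2" 2>/dev/null; then
        rc=0
    fi
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    exit "$rc"
)

# End of the series: stop the agent and delete the keyring, secret included.
anon_destroy() {
    [ -n "$GNUPGHOME" ] || return 1
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
}
```

Removing the directory deletes the only copy of the secret key, but it is not a secure erase of the underlying storage.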


1) Four random words generated using the Diceware method
pgpfan/signedanon.txt · Last modified: 2021/05/27 23:26 by b.walzer