0

On Openpgp.js, in order to generate the encryption keys, the name and the email properties are mandatory:

await generateKey({ curve: 'brainpoolP512r1',  userIDs: [{ name: 'Test', email: 'test@test.com' }] });

In a project I'd like to use OpenPGP for a different scenario where there will be no name or email, each pair of keys would be linked to an internal id in the database.

In this project I just need to encrypt and sign messages.

My question is: Is OpenPGP best suited for just signing and encrypting messages with out any user information?

John
  • 321
  • 2
  • 12

1 Answers1

1

The name and email comprise "User ID", which is a first-class concept in OpenPGP spec (RFC 4880). At least in some contexts they are mandatory (e.g. "11.1. Transferable Public Keys"). No surprise implementations insist on filling this info. GnuPG insists on "valid" email address AFAIR, although I once have seen a key without email address listed.

If you want just some crypto keys and you're sure that User ID doesn't matter to you, just hardcode something in there.

OpenPGP was developed primarily for making remote communications between people more private and trustworthy. But it's just a tool, having understanding of it you may find novel beneficial use cases. For example, a lot of people encrypt their backups with it. You may find it just works for your case, or that it doesn't make sense.

Andriy Utkin
  • 11
  • 1