Re: photo support?

"vedaal" <> Mon, 01 July 2002 20:52 UTC

----- Original Message -----
From: "Simon Josefsson" <>
To: <>
Sent: Monday, July 01, 2002 3:11 PM
Subject: photo support?

> Is there a standardized way to embed photos in OpenPGP keys?  Anyone
> interested in writing such a standard?

as it is now, it is definitely 'different' for PGP and GnuPG.

PGP compresses the .jpg into the photo id, and does not export it when
exporting the key.

GnuPG leaves the .jpg intact as added by the user, and exports it intact as
part of the .asc.

if PGP downloads a public key with a photo id, that was generated by GnuPG,
it will export a photo as part of the .asc, but 'altered/compressed'.
the exported .asc of the public key will be different than the exported .asc
of the GnuPG key.

as a side-issue,
since the .jpg of a GnuPG generated photo-id is left intact,
it is possible to steganographically embed data within the key id photo
which can be retrieved intact from anywhere by downloading the key from an
LDAP server.

it is possible to store a conventionally encrypted pgp file containing a
revocation certificate and passphrase for the key, and still have the .jpg
size at 4k,

but it is also possible to store the private key too, but with a .jpg
carrier size of 20 k.

this can lead to an overburdening of servers with 'bloated' keys, with
whatever someone may decide to want to 'store'.

it might be worthwhile to consider some maximal size for a recommended
standard, which can be implemented by the servers
refusing to accept a key greater than a certain size.

a reasonable size would be the size of existing typical keys with photo
id's, with a .jpg size of 4k.
{for illustration purposes, PRZ's photo size is 3.7k}
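
The server-side size limit proposed in the message above, written out as an added example (not part of the original post and not taken from any keyserver). It assumes the User Attribute packet layout later standardized in RFC 4880, section 5.12; the function names are hypothetical, and the measured size is the whole image subpacket (16-byte image header plus JPEG), so bytes padded into the header count too.

```python
USER_ATTRIBUTE, IMAGE = 17, 1   # packet tag, subpacket type (RFC 4880, 5.12)
MAX_IMAGE_BYTES = 4 * 1024      # the 4k ceiling suggested in the message

def _length(buf, i, two_octet_max):
    """Decode a new-format length at buf[i]; return (length, next index)."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first <= two_octet_max:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    if first != 255:
        raise ValueError("partial body length is not valid in a key")
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(buf):
    """Yield (tag, body) for each packet of a binary (de-armored) key."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80 or hdr & 0x43 == 0x03:
            raise ValueError("bad header or indeterminate length")
        if hdr & 0x40:                        # new-format header
            tag = hdr & 0x3F
            n, i = _length(buf, i + 1, 223)
        else:                                 # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n = int.from_bytes(buf[i + 1:i + 1 + size], "big")
            i += 1 + size
        if i + n > len(buf):
            raise ValueError("truncated packet")
        yield tag, buf[i:i + n]
        i += n

def image_sizes(key):
    """Size in bytes of each image subpacket (image header plus JPEG)."""
    sizes = []
    for tag, body in packets(key):
        j = 0
        while tag == USER_ATTRIBUTE and j < len(body):
            n, j = _length(body, j, 254)      # n covers type octet + data
            if n == 0 or j + n > len(body):
                raise ValueError("malformed attribute subpacket")
            if body[j] == IMAGE:
                sizes.append(n - 1)
            j += n
    return sizes

def accept_key(key, limit=MAX_IMAGE_BYTES):   # keyserver-side check
    return all(size <= limit for size in image_sizes(key))
```

The input is the binary form of the key, for example the output of `gpg --export` without armor; a malformed key raises instead of being accepted.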