I don't agree.
Why is the photo ID feature not useful? Surely any piece of
information that would help another person, with whom you
are proposing to communicate, to identify you first, is a good
thing. Before they can trust you enough to sign the key (which
can't be very often using the PGP model) they must be able to
identify you, and a photo ID helps them to put a name to a face,
or at least provides a reference point with which to do other
checks, before signing the key, let alone encrypting -
someone's photo ID to do a Google image search on it, bringing
up other information that could be useful.
Maybe I'm wrong but the problem with GPG is that it has too few
verification tools, like the photo ID. In my keychain I have 35
public keys for different individuals with whom I may want
to communicate via GPG, but I've probably only signed a fraction
of them, maybe 10, and only a handful of those are people I
know personally. I always sign my messages, but if you are
unable to trust someone enough to sign the key (or even their
signature) then I'm not sure that PGP is very useful or fulfils
As for the photo ID feature itself surely there are technical fixes
for that, including allowing people to upload slightly larger images
than would be possible with the recommended dimensions without increasing
the key size. For reference, passport photographs are pretty
small, as we are all aware, (I think 35 by 45 mm in the EU), and
when we send email a scan of our passport page for some job
application or whatever it is not likely to be a good.
Post by Robert J. Hansen
Post by Philip Jackson
I've been looking for documentation with info on adding a photo id to a gpg key.
The instructions for adding are available but I can't find any advice for the
size, format, dpi etc of the image to be used.
The major problem is there is very little good advice about this, and what there is keeps changing. For a long time the PGP Desktop product used 120x144 as a picture size. Back when a high-resolution display was 800x600 it made a lot of sense; now, when my laptop has a 2880x1800 display, a 120x144 image is literally smaller than a postage stamp.
GnuPG adopted the photo-ID feature a few years later and technology had already progressed to the point where the GnuPG advice was 240x288. That advice hasn't changed in over ten years; it's probably out of date by now.
With respect to what format should be used, the de-facto standard seems to be JPEG.
I personally don't find photo ID to be a useful feature. They're too static. The photo ID on my certificate, for instance, is almost ten years old. If you need photo ID, a better route would appear to be something like keybase.io, which offers some neat tools for binding a certificate to photographs, social media accounts, and whatnot.
Gnupg-users mailing list