Photos on PGP Keys
Earlier this week, I changed my profile picture on Twitter, Facebook, and other websites and decided the photo on my PGP key should match. This is a quick tutorial on PGP key photos.
PGP keys permit photos to be recorded on the key. A photo is treated like any other user ID, in that it can be signed by others. Image types are limited to JPEG. Generally, it is a set-it-and-forget-it process. So first we should remove the existing photo:
howardjp@thermopylae:/tmp/gpg$ gpg --edit --expert 0xE6602099
Secret key is available.
pub 4096R/0xE6602099 created: 2009-08-30 expires: never usage: C
trust: ultimate validity: ultimate
sub 2048R/0xFCB31625 created: 2009-08-30 expires: never usage: E
sub 2048R/0xA40883BA created: 2009-08-30 expires: never usage: A
sub 2048R/0x2C3602D7 created: 2009-08-30 expires: never usage: S
sub 2048R/0x3EE4249E created: 2009-08-30 expires: never usage: S
[ultimate] (1). James Patrick Howard, II
[ultimate] (2) James Patrick Howard, II <howard5@umbc.edu>
[ultimate] (3) James Patrick Howard, II <jh@jameshoward.us>
[ultimate] (4) James Patrick Howard, II <howardjp@gmail.com>
[ultimate] (5) James Patrick Howard, II <jphoward@jphoward.com>
[ultimate] (6) James Patrick Howard, II <james.howard@ubalt.edu>
[ultimate] (7) James Patrick Howard, II <howardjp@terpalum.umd.edu>
[ultimate] (8) James Patrick Howard, II (GSWoT:US72) <howardjp@gswot.org>
[ultimate] (9) [jpeg image of size 18245]
[ultimate] (10) James Patrick Howard, II <howardjp@miamialum.org>
Everything looks fine so far, so let’s select the photo as a user ID and revoke it (from here, output will be abbreviated):
Command> 9
pub 4096R/0xE6602099 created: 2009-08-30 expires: never usage: C
trust: ultimate validity: ultimate
[ultimate] (8) James Patrick Howard, II (GSWoT:US72) <howardjp@gswot.org>
[ultimate] (9)* [jpeg image of size 18245]
[ultimate] (10) James Patrick Howard, II <howardjp@miamialum.org>
Command> revuid
And now GPG will ask if I really want to do this, why, and give me the new key:
Really revoke this user ID? (y/N) y
Please select the reason for the revocation:
0 = No reason specified
4 = User ID is no longer valid
Q = Cancel
(Probably you want to select 4 here)
Your decision? 4
Enter an optional description; end it with an empty line:
> Image is being updated.
>
Reason for revocation: User ID is no longer valid
Image is being updated.
Is this okay? (y/N)
You need a passphrase to unlock the secret key for
user: "James Patrick Howard, II"
4096-bit RSA key, ID 0xE6602099, created 2009-08-30
pub 4096R/0xE6602099 created: 2009-08-30 expires: never usage: C
trust: ultimate validity: ultimate
[ultimate] (8) James Patrick Howard, II (GSWoT:US72) <howardjp@gswot.org>
[ revoked] (9) [jpeg image of size 18245]
[ultimate] (10) James Patrick Howard, II <howardjp@miamialum.org>
So everything looks great. Let’s add a new one:
Command> addphoto
Pick an image to use for your photo ID. The image must be a JPEG file.
Remember that the image is stored within your public key. If you use a
very large picture, your key will become very large as well!
Keeping the image close to 240x288 is a good size to use.
Enter JPEG filename for photo ID: jph.jpg
This JPEG is really large (44219 bytes) !
Are you sure you want to use it? (y/N) y
Since nobody actually reads keys to each other, I don’t mind a nice large color picture, but it is worth noting it is only 225x225 pixels.
Is this photo correct (y/N/q)? y
You need a passphrase to unlock the secret key for
user: "James Patrick Howard, II"
4096-bit RSA key, ID 0xE6602099, created 2009-08-30
pub 4096R/0xE6602099 created: 2009-08-30 expires: never usage: C
trust: ultimate validity: ultimate
[ultimate] (8) James Patrick Howard, II (GSWoT:US72) <howardjp@gswot.org>
[ revoked] (9) [jpeg image of size 18245]
[ultimate] (10) James Patrick Howard, II <howardjp@miamialum.org>
[ unknown] (11) [jpeg image of size 44219]
The validity is unknown, because it has not been recalculated yet. This is easy to fix by restarting GPG. Don’t forget to save your work:
Command> save
howardjp@thermopylae:/tmp/gpg$ gpg --edit --expert 0xE6602099
Secret key is available.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1 valid: 2 signed: 2 trust: 2-, 0q, 0n, 0m, 0f, 0u
pub 4096R/0xE6602099 created: 2009-08-30 expires: never usage: C
trust: ultimate validity: ultimate
[ultimate] (8) James Patrick Howard, II (GSWoT:US72) <howardjp@gswot.org>
[ revoked] (9) [jpeg image of size 18245]
[ultimate] (10) James Patrick Howard, II <howardjp@miamialum.org>
[ultimate] (11) [jpeg image of size 44219]
Command> quit
And you’re done!
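A pre-flight check for the JPEG handed to addphoto above, as an added example that is not part of the original post: it reports the byte size and dimensions the gpg prompt comments on and flags embedded metadata, since the file is stored within the public key. The 6144-byte threshold, the assumption that gpg stores the file without stripping metadata, and the names inspect_jpeg, review and segment are this example's own; the sample bytes are constructed.

```python
import struct

SUGGESTED_W, SUGGESTED_H = 240, 288  # size suggested by the addphoto prompt
SIZE_WARN = 6144  # assumption: byte count above which gpg calls a JPEG "really large"

def inspect_jpeg(data: bytes) -> dict:
    """Walk the JPEG header segments; report size, dimensions, metadata."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    info = {"bytes": len(data), "width": None, "height": None, "metadata": []}
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # end of image / start of scan data
            break
        (seglen,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if seglen < 2 or pos + 2 + seglen > len(data):
            raise ValueError("truncated segment")
        body = data[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            info["metadata"].append("EXIF")
        elif marker == 0xFE:
            info["metadata"].append("comment")
        elif 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC) and len(body) >= 5:
            # SOFn frame header: precision (1 byte), height (2), width (2)
            info["height"], info["width"] = struct.unpack(">HH", body[1:5])
        pos += 2 + seglen
    return info

def review(info: dict) -> list:
    """Return findings to resolve before running addphoto."""
    notes = []
    if info["bytes"] > SIZE_WARN:
        notes.append(f"{info['bytes']} bytes will be added to every copy of the public key")
    if info["width"] and (info["width"] > SUGGESTED_W or info["height"] > SUGGESTED_H):
        notes.append(f"{info['width']}x{info['height']} exceeds the suggested 240x288")
    for kind in info["metadata"]:
        notes.append(f"{kind} metadata would be published with the key")
    return notes

def segment(marker: int, body: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(body) + 2) + body

# Constructed sample: header segments only, enough for the parser (not a viewable image).
SAMPLE = (b"\xff\xd8" + segment(0xE1, b"Exif\x00\x00constructed-camera-and-gps-tags")
          + segment(0xC0, b"\x08" + struct.pack(">HH", 225, 225) + b"\x01\x01\x11\x00") + b"\xff\xd9")
print(review(inspect_jpeg(SAMPLE)))
```

To check a real file, pass its bytes instead of SAMPLE, for example `inspect_jpeg(open("jph.jpg", "rb").read())`.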