Page MenuHome GnuPG
Create Task
Maniphest T7675

a user-id with just an email address (and not a display name) has no angle brackets surrounding the email address
Closed, ResolvedPublic
Actions

Description

According to RFC4880 (https://www.rfc-editor.org/rfc/rfc4880#section-5.11 ), the user-id should (by convention) contain an RFC2822 name-addr. (I can't find errata that contradict this, and RFC9580 says the same.)
The BNF of name-addr in RFC2822 is [display-name] angle-addr, where angle-addr is the email address enclosed in angle brackets.

When generating a key with gnupg, and leaving the display name empty, it will come up with a userid that is just user@example.org:

$ gpg --generate-key 
gpg (GnuPG) 2.4.8; Copyright (C) 2025 g10 Code GmbH

GnuPG needs to construct a user ID to identify your key.

Real name: 
Email address: user@example.org
You selected this USER-ID:
    "user@example.org"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o

public and secret key created and signed.

pub   ed25519 2025-06-04 [SC] [expires: 2028-06-03]
      B924FAC900160C64402A41E9C1CDE93E89C2CC0F
uid                      user@example.org
sub   cv25519 2025-06-04 [E] [expires: 2028-06-03]

Based on the quoted RFCs, I would have expected a user-id of <user@example.org>.

Details

Version
2.4.8

Event Timeline

jap created this task.Wed, Jun 4, 1:42 PM
werner added a subscriber: werner.Thu, Jun 5, 9:38 AM

Let's have a look at the spec (rfc2822 3.4):

address         =       mailbox / group

mailbox         =       name-addr / addr-spec

name-addr       =       [display-name] angle-addr

angle-addr      =       [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr

group           =       display-name ":" [mailbox-list / CFWS] ";"
                        [CFWS]

display-name    =       phrase

mailbox-list    =       (mailbox *("," mailbox)) / obs-mbox-list

address-list    =       (address *("," address)) / obs-addr-list

A mailbox is either a "name-addr" or a "addr-spec". if it is the former you need to use angle brackets; if not you don't need to do that.

ikloecker added a subscriber: ikloecker.Thu, Jun 5, 10:09 AM

Let's have a look at the section of RFC4880 linked by the reporter:

A User ID packet consists of UTF-8 text that is intended to represent
the name and email address of the key holder.  By convention, it
includes an RFC 2822 [RFC2822] mail name-addr, but there are no
restrictions on its content.  [...]

I think the text tried to be brief by referring to RFC 2822, but it failed to deliver the real intention. I think the actual convention has always been that a User ID includes a name-addr with display-name and angle-addr, i.e. by convention a User ID includes the real name of the key holder and an email address (in angle brackets) of the key holder.

werner closed this task as Resolved.Thu, Jun 5, 10:17 AM
werner claimed this task.
werner edited projects, added Documentation, OpenPGP; removed Bug Report.

I see, I had rfc2440 in mind which says:

By convention, it includes  an RFC 822 mail name, but there are no restrictions on its content.

thus 4880 refined it a bit. But in practice it is not the same because it is utf8 and not punycode or whatever. let's close this bug because they way it is used will work with all mail clients.

jap added a comment.Thu, Jun 5, 4:21 PM

Thanks for elaborating and the reference to rfc2440 - I now understand where that stray mail (between [RFC2822] and name-addr) in rfc4880 comes from...
Anyway, I'll treat it as if it says RFC 2822 mailbox and will treat angle brackets with bare addresses as optional.