openpgp-notes/book/source/pitfalls.md

Pitfalls / Things to keep in mind

Key IDs are really not guaranteed to be unique

Use fingerprints, or expect duplicates

Signature Subpackets can have duplicates

Packet Nesting can be unreasonable

• EBNF of allowed packet sequences is complex -> Recommend stricter best-practices?