gpg --recv-key option

L. Sassaman
Sat, 25 Mar 2000 23:45:39 -0800 (PST)

Hash: SHA1

On Sun, 26 Mar 2000, Michal Hajek wrote:

> Hello, can anybody tell me what and why these fingerprints are ?
> It should be something important or useful at least since nearly
> everybody who uses gpg/pgp uses it. I have searched gpg help but did not
> find out what i was looking for. Thanks in advance...
> Best regards Michal Hajek
Sure thing. "Fingerprints" are unique identifiers for keys. They are a hash output of the key material. (v3 and v4 keys are a little different as far as fingerprints are concerned; I won't go into specifics here.) Basically, they are useful in determining that a key belongs to a particular person. You call him or her on the phone (provided you can trust the phone... ) and ask him to read his fingerprint to you. You compare it with the ones you got from a key server, and the key with the same fingerprint is the real one. This makes sure that someone doesn't make a key with the same uid and keyid as the real one, in order to pull off a man in the middle attack, or similar compromise of security. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger:// | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE43cAqPYrxsgmsCmoRAuj4AJ9vj/oh89BNAQyup052wYSuk8qYVACdH7gj ptU709uC1E3VQ66Udn1po/g= =puKL -----END PGP SIGNATURE-----