gpg --recv-key option
L. Sassaman
rabbi@quickie.net
Sat, 25 Mar 2000 23:45:39 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 26 Mar 2000, Michal Hajek wrote:
> Hello, can anybody tell me what and why these fingerprints are ?
> It should be something important or useful at least since nearly
> everybody who uses gpg/pgp uses it. I have searched gpg help but did not
> find out what i was looking for. Thanks in advance...
> Best regards Michal Hajek
Sure thing. "Fingerprints" are unique identifiers for keys. They are a
hash output of the key material. (v3 and v4 keys are a little different as
far as fingerprints are concerned; I won't go into specifics here.)
Basically, they are useful in determining that a key belongs to a
particular person. You call him or her on the phone (provided you can
trust the phone... ) and ask him to read his fingerprint to you. You
compare it with the ones you got from a key server, and the key with the
same fingerprint is the real one.
This makes sure that someone doesn't make a key with the same uid and
keyid as the real one, in order to pull off a man in the middle attack, or
similar compromise of security.
__
L. Sassaman
System Administrator | "All of the chaos
Technology Consultant | Makes perfect sense..."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1d (GNU/Linux)
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE43cAqPYrxsgmsCmoRAuj4AJ9vj/oh89BNAQyup052wYSuk8qYVACdH7gj
ptU709uC1E3VQ66Udn1po/g=
=puKL
-----END PGP SIGNATURE-----