Key Signing

Werner Koch wk@gnupg.org
Mon Apr 30 19:23:02 2001


On Mon, 30 Apr 2001, David Turner wrote:


> For example, if we were to organise a password at the meeting, then he
> goes home and sends me an encrypted email containing the password and his

I am not sure whether I got it right. If your problem is how to sign
someone's key if he does not know his fingerprint when you meet him (or he
has no key yet), you can use this protocol:

1. Create a shared secret. For example by using
   gpg --gen-random 2 10 | gpg --enarmor
2. Both parties write it down and keep it secret.
3. Alice gives her fingerprint to Bob (she always carries it with her).
4. At home, Bob sends the fingerprint along with the shared secret in an
   _encrypted_ mail to Alice. He can do so because he knows Alice's key.
5. Alice decrypts the mail from Bob, verifies the secret against her copy
   and can now be sure that it is Bob's fingerprint.
6. Alice signs Bob's key.

Werner

--
Werner Koch          Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH        et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
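The check Alice performs in steps 5 and 6 of the protocol above, as an added example that is not part of Werner's mail or of GnuPG itself. It assumes the mail has already been decrypted with gpg (the encryption step is not modelled), that the secret is created the same way as in step 1 (random bytes, ASCII-armoured so both parties can copy it by hand), and, as an extra assumption beyond the mail, that a secret is accepted only once so it cannot later be tied to a second, different fingerprint.

```python
"""Added example (not from the original mail): Alice's verification of the
decrypted message from Bob. Encryption/decryption is assumed to be done by gpg
and is not modelled here."""
import base64
import hmac
import re
import secrets

# A full gpg fingerprint is 40 hex digits; gpg prints it in groups of four.
FPR_RE = re.compile(r"^[0-9A-F]{40}$")


def make_shared_secret(nbytes: int = 10) -> str:
    """Step 1: random bytes, armoured (here base64) so they can be written down.
    Stands in for `gpg --gen-random 2 10 | gpg --enarmor`."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def normalize_fingerprint(fpr: str) -> str:
    """Strip the spaces gpg prints between groups and upper-case the hex digits."""
    return re.sub(r"\s+", "", fpr).upper()


def compose_mail(fingerprint: str, secret: str) -> str:
    """Step 4: the plaintext body Bob encrypts to Alice's key."""
    return f"Fingerprint: {fingerprint}\nSecret: {secret}\n"


def verify_mail(plaintext: str, expected_secret: str, used_secrets: set) -> "str | None":
    """Step 5: compare the secret in the decrypted mail with Alice's own copy.

    Returns the fingerprint Alice may now sign (step 6), or None when the
    secret is missing, wrong, already used (assumption: one-time use), or the
    fingerprint is malformed. The secret comparison is constant-time.
    """
    fields = {}
    for line in plaintext.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()

    got = fields.get("secret")
    fpr = fields.get("fingerprint")
    if got is None or fpr is None:
        return None
    if not hmac.compare_digest(got.encode("utf-8"), expected_secret.encode("utf-8")):
        return None
    if expected_secret in used_secrets:
        return None

    fpr = normalize_fingerprint(fpr)
    if not FPR_RE.match(fpr):
        return None
    used_secrets.add(expected_secret)
    return fpr


if __name__ == "__main__":
    # Constructed sample run: the fingerprint below is made up, not a real key.
    secret = make_shared_secret()          # both parties hold a copy after the meeting
    bob_fpr = "1234 5678 9ABC DEF0 1234  5678 9ABC DEF0 1234 5678"
    seen = set()
    mail = compose_mail(bob_fpr, secret)   # what gpg would hand Alice after decryption
    print("accepted:", verify_mail(mail, secret, seen))
    print("wrong secret:", verify_mail(compose_mail(bob_fpr, "not-the-secret"), secret, seen))
    print("reused secret:", verify_mail(mail, secret, seen))
```

Only the secret ties the mail to the person Alice met; the fingerprint itself is public, so the check must reject the mail outright when the secret does not match rather than fall back to any other signal.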