Fingerprint confusion.

john clark lurq_gnupg@yahoo.com
Sat Aug 24 13:10:02 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi guys,

	You know what I find confusing?

	Being shown the fingerprint of the sub/encryption key
during encryption while the fingerprint being given by
the --fingerprint option is from the primary key.

	It's okay for signature verification stuff but
encrypting a message to someone who is yet to be
labelled trusted in your keyring prints out a message
similar to:

#--------------------------------------------
[bob]$ gpg1190 -er 48888458 message
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should
NOT be
gpg: used in a production environment or with
production keys!
gpg: 3C39C990: There is no indication that this key
really belongs to the owner
3072g/3C39C990 2000-05-22 "Jed R. Mallen
<trauma@surgical.net>"
             Fingerprint: BF24 C69D 5B44 0ACC BF87 
CB8E A236 3BA4 3C39 C990

It is NOT certain that the key belongs to its owner.
If you *really* know what you are doing, you may
answer
the next question with yes

Use this key anyway?
#--------------------------------------------

	While all the while what is given (and usually
publicized) is the primary fingerprint of:

#--------------------------------------------
pub  1024D/48888458 2000-05-22 Jed R. Mallen
<trauma@surgical.net>
     Key fingerprint = 7E12 A9C1 1E36 3DE9 FE64  FBCD
96E3 AD07 4888 8458
sub  3072g/3C39C990 2000-05-22
#--------------------------------------------

	Is there a less cumbersome way of getting around this
other than checking the primary fingerprint first then
encrypting the message? Like being shown both the
primary and subkey fingerprints during the encryption.

	Maybe there's a way of doing this via options and I'm
just too dumb and lazy to look it up. If so, I'm
sorry.

Thanks!

- - jed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: <http://pr0wler.scripterz.org/pubkey.html>

iD8DBQE9Z0xuluOtB0iIhFgRA+k1AKC0Gij9FUqaIlXIuj0iH2UbZUdCqACfV0Si
Ju+0+eDopiM8bZJLzjQ6Vz8=
=ztRR
-----END PGP SIGNATURE-----


__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com