Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

Robert J. Hansen rjh at
Sat Mar 13 07:10:20 CET 2010

> You have an existing credential - a passport.
> You then use that credential to verify another - a PGP key.

The passport isn't used to verify the OpenPGP key.  The passport is used to verify *identity*.  The key fingerprint is used to verify the OpenPGP key.

A signature is a statement of "I believe this person is associated with this OpenPGP key."  To do that, you have to first verify the person is who you think they are (the passport); you have to verify the key is what you think it is (the fingerprint); and then you make a statement about the two being associated.

More information about the Gnupg-users mailing list