Question about key fingerprint uses

Anthony Papillion anthony at papillion.me
Thu Apr 26 13:48:10 CEST 2012


So I was browsing the documentation this morning when I came across this
documentation for the --fingerprint flag:

"You want to see "Fingerprints" to ensure that somebody is really the
person they claim (like in a telephone call). This command will result
in a list of relatively small numbers."

I'm not really sure how this would work in real life. For example, if I
have John Smiths key I can type

gpg --fingerprint "John Smith"

and that will print out his key fingerprint. This would work for anyone
else with John Smith's key as well. So let's say I'm on the phone with
someone I think is John Smith but wanted to verify using his key
fingerprint. How would asking him to tell it to me mean anything since
ANYONE can get his fingerprint as long as they have his key?

Thanks!
Anthony




More information about the Gnupg-users mailing list