Question about key fingerprint uses
anthony at papillion.me
Thu Apr 26 13:48:10 CEST 2012
So I was browsing the documentation this morning when I came across this
documentation for the --fingerprint flag:
"You want to see "Fingerprints" to ensure that somebody is really the
person they claim (like in a telephone call). This command will result
in a list of relatively small numbers."
I'm not really sure how this would work in real life. For example, if I
have John Smiths key I can type
gpg --fingerprint "John Smith"
and that will print out his key fingerprint. This would work for anyone
else with John Smith's key as well. So let's say I'm on the phone with
someone I think is John Smith but wanted to verify using his key
fingerprint. How would asking him to tell it to me mean anything since
ANYONE can get his fingerprint as long as they have his key?
More information about the Gnupg-users