Question about key fingerprint uses

Peter Lebbing peter at digitalbrains.com
Fri Apr 27 14:40:01 CEST 2012


On 26/04/12 13:48, Anthony Papillion wrote:
> and that will print out his key fingerprint. This would work for anyone
> else with John Smith's key as well. So let's say I'm on the phone with
> someone I think is John Smith but wanted to verify using his key
> fingerprint. How would asking him to tell it to me mean anything since
> ANYONE can get his fingerprint as long as they have his key?

You're turning it around :). Rather than verify you are speaking to John using
his fingerprint, you are verifying the fingerprint by speaking to John.

You should already be sure the person on the line is John Smith. John Smith then
tells you his fingerprint such that you can be sure the key you're looking at
actually belongs to John Smith, and hasn't been exchanged by a man in the middle.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
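
Added example, not part of the original message: a Python sketch of the check described above, in which the fingerprint is recomputed from the local copy of the key (RFC 4880 section 12.2, version 4 keys) and compared with the one John reads out. The helper names, the toy key values and the `SWAPPED_KEY` stand-in for a key replaced in transit are all constructed for illustration.

```python
import hashlib
import hmac
import struct


def v4_fingerprint(packet_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, a 2-octet length and the packet body."""
    if not packet_body or packet_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    prefix = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(prefix + packet_body).hexdigest().upper()


def normalise(spoken: str) -> str:
    """Drop spacing and case from a fingerprint that was read aloud or typed in groups."""
    cleaned = "".join(spoken.split()).replace(":", "").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("need the full 40-hex-digit fingerprint, not a short key ID")
    return cleaned


def key_matches(packet_body: bytes, spoken_fingerprint: str) -> bool:
    """True only if the local key copy hashes to the fingerprint its owner stated."""
    return hmac.compare_digest(v4_fingerprint(packet_body), normalise(spoken_fingerprint))


def make_packet_body(created: int, n: int, e: int) -> bytes:
    """Constructed v4 RSA public-key packet body: version, creation time, algorithm 1, MPIs."""
    def mpi(x: int) -> bytes:
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def grouped(fingerprint: str) -> str:
    """Format 40 hex digits in groups of four, the way they are usually read out."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, 40, 4))


# Constructed sample data: toy numbers standing in for key material, not real keys.
JOHNS_KEY = make_packet_body(1335441600, (1 << 127) + 0x1D, 65537)
SWAPPED_KEY = make_packet_body(1335441600, (1 << 127) + 0x2B, 65537)  # substituted in transit

if __name__ == "__main__":
    read_aloud = grouped(v4_fingerprint(JOHNS_KEY)).lower()  # John reads from his own copy
    print("copy I fetched is John's key:", key_matches(JOHNS_KEY, read_aloud))
    print("copy I fetched was swapped:  ", key_matches(SWAPPED_KEY, read_aloud))
```

The comparison says nothing about who is on the phone; it only ties the key copy to whoever supplied the fingerprint, which is why the caller's identity has to be established first.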


