getting an encrypted file to show what public key was used

Robert J. Hansen rjh at sixdemonbag.org
Tue May 29 20:12:51 CEST 2012


On 5/29/12 1:54 PM, Steven Lefevre wrote:
> This is, not surprisingly, the case. There was bad logic in my script
> and somehow, somewhere, it's using the wrong key for this particular
> host.

The good news is it's an easy problem to fix.  :)

Get in touch with your contact over there (preferably via a
non-email/non-IM form of contact, like the telephone).  After getting in
touch with the right person and verifying to your satisfaction that
you're really talking to the right person, just ask: "Hey, I need the
full fingerprint of your OpenPGP key.  Not the short ID, but the full
fingerprint.  Would you help me with that, please?"

Write down the full fingerprint.

Then say, "And could you please email me your public key?"

Then:

	$ gpg --delete-key 0xF1940956

Once the email with their certificate arrives, save it to disk and:

	$ gpg --import <their certificate>
	$ gpg --edit-key <their certificate>

From the edit-key screen, type 'fingerprint' to check the full
fingerprint.  Make sure it matches what you were given on the phone.  If
it matches, then from the edit-key screen, type 'lsign'.  This will
validate the certificate, and at this point you'll have a fairly high
assurance that you're using the correct certificate.  :)
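
The fingerprint comparison described above can also be scripted, so the received file is checked before it is imported. This is an added example, not part of the original post: the function names and the sample listing are constructed, and it assumes GnuPG 2.2 or later (for `--show-keys`) and a v4 key with a 40-hex-digit fingerprint.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Strip whitespace and uppercase, so a fingerprint read out in groups over
# the phone compares equal to gpg's unspaced machine-readable form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record following a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED   (colon listing on stdin)
# Returns 0 only if EXPECTED is a full 40-hex-digit fingerprint (assumed v4
# key) equal to the primary fingerprint; 2 if EXPECTED is a short/long key
# ID or otherwise malformed; 1 on a mismatch.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# check_cert_file EXPECTED FILE: inspect FILE without importing it.
check_cert_file() {
    gpg --show-keys --with-colons "$2" | fpr_matches "$1"
}

# Constructed listing shaped like gpg's colon output (not a real key).
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1338300000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1338300000::::Constructed User <user@example.org>:
sub:-:2048:1:7654321076543210:1338300000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA987654321076543210:'
```

Run `check_cert_file "<fingerprint from the phone call>" <saved file>` and only go on to `gpg --import` if it exits 0.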


