Robert, Hi and thanks for the reply. Salsa is cooking. And since you are so kind:
It would help a whole lot if GPG included some authoritative documentation on how to use the program in the following scenario: - The trust in the correspondent's public key is established only by comparing the key fingerprint derived programmatically from the locally stored key-file and a copy independently obtained from the owner. The only identification of a public key is its fingerprint. Since the public key is either known to an adversary, or it is very hard to guard against such eventuality, the public key itself should not provide the adversary with any useful information. - All gpg operations (key generation, encryption, decryption) are carried out on a device not connected to the Internet. - There is no e-mail. (It's not just "resting", it is DEAD). It would really, really help. p.s. Out-of-channel fingerprint dissemination and exchange of ciphertext without the benefit of the e-mail system has been dealt with, so there is no need at all to address that. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users