On 26/04/12 13:48, Anthony Papillion wrote:
and that will print out his key fingerprint. This would work for anyone
else with John Smith's key as well. So let's say I'm on the phone with
someone I think is John Smith but wanted to verify using his key
fingerprint. How would asking him to tell it to me mean anything since
ANYONE can get his fingerprint as long as they have his key?
You're turning it around :). Rather than verify you are speaking to John using
his fingerprint, you are verifying the fingerprint by speaking to John.
You should already be sure the person on the line is John Smith. John Smith then
tells you his fingerprint such that you can be sure the key you're looking at
actually belongs to John Smith, and hasn't been exchanged by a man in the
middle.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
