At 16:25 +0200 1999-05-30, Wichert Akkerman wrote:
Previously Jason Gunthorpe wrote:It is the single most important field to check. It serves the same purpose as the keyID except that it is much more reliable and cannot be faked at all.If I remember things correctly both the key-ID and the fingerprint can be faked, although the the fingerprint is harder. You really want the combination of both.
For RSA keys, you want the keyid, fingerprint and keylength. I've seen keys that had identical fingerprints and keyids, but different keylengths.
-- Joel Klecker (aka Espy) Debian GNU/Linux Developer <URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org> <URL:http://web.espy.org/> <URL:http://www.debian.org/>