Re: GPG fingerprints

On Fri, Sep 14, 2001 at 09:02:53PM -0500, Warren Turkal wrote:
> Is it ok to have your GPG fingerprint publicly available?

It is not only OK, but encouraged.  If one can confirm that your
fingerprint is valid (i.e. by calling you and saying "is <foo> really
your fingerprint?"), then it's a safe bet that they have the right key,
instead of a spoofed key.

The GPG key fingerprint can be obtained from any public key by running
'gpg --fingerprint <key_id>', so you could run 'gpg --fingerprint
frodo@morgul.net' and see the fingerprint for my key (assuming it's in
your keyring).  Then, get in touch with me by some secure means and
confirm that it's D896 D80A C030 7F05 701E  D535 62B5 4B8C 1140 4EC3 and
you know that you have the right key.
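
The comparison described above, as an added example that is not part of the original message: it reads `gpg --with-colons --fingerprint` output, takes only the primary key's fingerprint, and compares it with the value confirmed out of band. The function names and the sample listing are assumptions made for illustration; only the fingerprint and address come from the message.

```sh
#!/bin/sh
# Added example: check a key's primary fingerprint against one confirmed out of band.

# Constructed sample of `gpg --with-colons --fingerprint` output. Only the primary
# fingerprint and the address are from the message; the rest is made up.
SAMPLE_LISTING='pub:u:1024:17:62B54B8C11404EC3:1000000000:::u:::scESC:
fpr:::::::::D896D80AC0307F05701ED53562B54B8C11404EC3:
uid:u::::1000000000::::frodo@morgul.net:
sub:u:1024:16:89ABCDEF01234567:1000000000::::::e:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

# Strip spaces and colons and upper-case, so "D896 D80A ..." equals "d896d80a...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Print one line per primary key: the first "fpr" record after each "pub" record.
# An "fpr" record that follows "sub" belongs to a subkey and is skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# check_fpr LISTING EXPECTED
# Prints match, mismatch, ambiguous (several keys listed), no-key or bad-expected.
check_fpr() {
    want=$(normalize_fpr "$2")
    # Require a full 40-hex-digit fingerprint; a short key ID is not enough.
    case "$want" in *[!0-9A-F]*) echo bad-expected; return ;; esac
    [ "${#want}" -eq 40 ] || { echo bad-expected; return; }
    got=$(printf '%s\n' "$1" | primary_fprs)
    count=$(printf '%s\n' "$got" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then echo no-key
    elif [ "$count" -gt 1 ]; then echo ambiguous
    elif [ "$got" = "$want" ]; then echo match
    else echo mismatch
    fi
}

# Real use (needs the key in your keyring):
#   check_fpr "$(gpg --with-colons --fingerprint frodo@morgul.net)" 'D896 D80A ...'
check_fpr "$SAMPLE_LISTING" 'D896 D80A C030 7F05 701E  D535 62B5 4B8C 1140 4EC3'
```

An "ambiguous" result means more than one key in the keyring matched the selector, which is the case to look at closely when a spoofed key carries the same address.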


