Do GNU Privacy Handbook, pacote gnupg-doc: Validating other keys on your public keyring In Chapter 1 a procedure was given to validate your correspondents' > public keys: a correspondent's key is validated by personally checking > his key's fingerprint and then signing his public key with your > private key. By personally checking the fingerprint you can be sure pub 1024D/3516D372 2000-06-05 Carlos Laviola <email@example.com> Key fingerprint = 3BE1 6591 C78C 2AA4 31DD AEEF 6406 0227 3516 D372 uid [revoked] Carlos Laviola <firstname.lastname@example.org> uid [revoked] Carlos Laviola <email@example.com> uid Carlos Laviola <firstname.lastname@example.org> sub 1024g/C8B35AF7 2000-06-05 Como se vê, o fingerprint nunca muda, ou seja, para todas as operações de verificação de autenticidade, o que basta é a key ser a mesma, segundo o manual. Como eu disse na outra mensagem, você confia em pessoas, não em userids. that the key really does belong to him, and since you have signed they key, you can be sure to detect any tampering with it in the future. Unfortunately, this procedure is awkward when either you must validate a large number of keys or communicate with people whom you do not know personally. -- Carlos Laviola - ICQ 55799523 pub 1024D/3516D372 2000-06-05 Carlos Laviola <email@example.com> Key fingerprint = 3BE1 6591 C78C 2AA4 31DD AEEF 6406 0227 3516 D372 I have a solar vocal ail!
Description: PGP signature