[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Mais sobre GnuPG



Do GNU Privacy Handbook, pacote gnupg-doc:

Validating other keys on your public keyring

   In Chapter 1 a procedure was given to validate your correspondents'
>   public keys: a correspondent's key is validated by personally checking
>   his key's fingerprint and then signing his public key with your
>   private key. By personally checking the fingerprint you can be sure

pub  1024D/3516D372 2000-06-05 Carlos Laviola <claviola@ajato.com.br>
     Key fingerprint = 3BE1 6591 C78C 2AA4 31DD  AEEF 6406 0227 3516 D372
uid                            [revoked] Carlos Laviola <claviola@brfree.com.br>
uid                            [revoked] Carlos Laviola <claviola@rj.sol.com.br>
uid                            Carlos Laviola <claviola@debian.org>
sub  1024g/C8B35AF7 2000-06-05

Como se vê, o fingerprint nunca muda, ou seja, para todas as operações de
verificação de autenticidade, o que basta é a key ser a mesma, segundo o
manual. Como eu disse na outra mensagem, você confia em pessoas, não em userids.

   that the key really does belong to him, and since you have signed they
   key, you can be sure to detect any tampering with it in the future.
   Unfortunately, this procedure is awkward when either you must validate
   a large number of keys or communicate with people whom you do not know
   personally.

-- 
Carlos Laviola - ICQ 55799523
pub  1024D/3516D372 2000-06-05 Carlos Laviola <claviola@ajato.com.br>
     Key fingerprint = 3BE1 6591 C78C 2AA4 31DD  AEEF 6406 0227 3516 D372
                                 I have a solar vocal ail!

Attachment: pgpd1PPkVPRVM.pgp
Description: PGP signature


Reply to: