Do GNU Privacy Handbook, pacote gnupg-doc:
Validating other keys on your public keyring
In Chapter 1 a procedure was given to validate your correspondents'
> public keys: a correspondent's key is validated by personally checking
> his key's fingerprint and then signing his public key with your
> private key. By personally checking the fingerprint you can be sure
pub 1024D/3516D372 2000-06-05 Carlos Laviola <claviola@ajato.com.br>
Key fingerprint = 3BE1 6591 C78C 2AA4 31DD AEEF 6406 0227 3516 D372
uid [revoked] Carlos Laviola <claviola@brfree.com.br>
uid [revoked] Carlos Laviola <claviola@rj.sol.com.br>
uid Carlos Laviola <claviola@debian.org>
sub 1024g/C8B35AF7 2000-06-05
Como se vê, o fingerprint nunca muda, ou seja, para todas as operações de
verificação de autenticidade, o que basta é a key ser a mesma, segundo o
manual. Como eu disse na outra mensagem, você confia em pessoas, não em userids.
that the key really does belong to him, and since you have signed they
key, you can be sure to detect any tampering with it in the future.
Unfortunately, this procedure is awkward when either you must validate
a large number of keys or communicate with people whom you do not know
personally.
--
Carlos Laviola - ICQ 55799523
pub 1024D/3516D372 2000-06-05 Carlos Laviola <claviola@ajato.com.br>
Key fingerprint = 3BE1 6591 C78C 2AA4 31DD AEEF 6406 0227 3516 D372
I have a solar vocal ail!
Attachment:
pgpMNJTax7FI5.pgp
Description: PGP signature