Recipe 7.9 Sharing Public Keys
7.9.1 Problem
You want to obtain a friend's public key securely but conveniently.
7.9.2 Solution
Most securely, get the public key on disk directly from your friend
in person. Barring that:
- Obtain the public key by any means (e.g., email, keyserver [Recipe 7.19]).
- Add the key to your keyring. [Recipe 7.10]
- Before using the key, telephone its owner and ask him to read the key
  fingerprint aloud. View the fingerprint with:

    $ gpg --fingerprint key_id

  If they match, you're done. If not, consider the key suspect, delete it
  from your keyring, and don't use it.
- If you trust the key, indicate this to GnuPG:

    $ gpg --edit-key key_id
    Command> trust

  and follow the prompts.
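The fingerprint comparison in the steps above, written out as an added shell example (not from the book): it reads the primary key's fingerprint from the machine-readable output of `gpg --with-colons --fingerprint key_id` and compares it with the fingerprint as read aloud, ignoring spacing and letter case. The `gpg` output embedded below is constructed for this example and the fingerprint values are placeholders, not real keys.

```shell
#!/bin/sh
# Added example: compare a fingerprint read aloud over the telephone with
# the one GnuPG reports for the key in your keyring.

# Normalise a fingerprint as a person would read it: drop the grouping
# spaces (and any colons or tabs) and fold hex digits to upper case.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\t' | tr 'a-f' 'A-F'
}

# Extract the primary-key fingerprint from "gpg --with-colons" output on
# stdin: the first "fpr" record carries the fingerprint in field 10.
primary_fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Return 0 (success) only if the spoken fingerprint is non-empty and
# identical to the one gpg reports; anything else is a mismatch.
#   $1: output of  gpg --with-colons --fingerprint key_id
#   $2: fingerprint as read aloud by the key's owner
verify_spoken_fpr() {
    gpg_fpr=$(printf '%s\n' "$1" | primary_fpr_from_colons)
    spoken=$(norm_fpr "$2")
    [ -n "$gpg_fpr" ] && [ -n "$spoken" ] && [ "$gpg_fpr" = "$spoken" ]
}

# Constructed sample of "gpg --with-colons --fingerprint" output; the key
# ID, fingerprint and user ID are placeholders, not a real key.
SAMPLE_COLONS='pub:-:2048:1:89ABCDEF01234567:1234567890:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1234567890::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:'

# Stand-alone demonstration: one matching reading, one with a single
# wrong digit at the end.
if verify_spoken_fpr "$SAMPLE_COLONS" \
     "0123 4567 89ab cdef 0123  4567 89AB CDEF 0123 4567"; then
    echo "fingerprint matches: key may be trusted"
fi
if ! verify_spoken_fpr "$SAMPLE_COLONS" \
     "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4568"; then
    echo "fingerprint MISMATCH: treat the key as suspect and delete it"
fi
```

In real use, replace `SAMPLE_COLONS` with `$(gpg --with-colons --fingerprint key_id)`; a mismatch means the key should be deleted from the keyring, as the recipe says.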
7.9.3 Discussion
Public keys are not secret, but they do require trust: the trust that
a given key actually belongs to its alleged owner. A fingerprint can
provide that trust in a convenient form, easy to read aloud over a
telephone. Always verify the fingerprint before trusting a public key.
If you don't, consider this scenario:
- You email your friend, asking for his public key.
- A snooper intercepts your email and sends you his public key instead
  of your friend's.
- You blindly add the snooper's public key to your keyring, believing it
  to be your friend's.
- You encrypt sensitive mail using the snooper's key and send it to your
  friend.
- The snooper intercepts your mail and decrypts it.
7.9.4 See Also
gpg(1).