[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
pgp fingerprint
I've just started studying pgp and crypo and I have a doubt that
maybe you can answer.
Correct me if I'm wrong:
the fingerprint was invented so you can check with the owner of the
public key if his key is correct. Since the fingerprint is something
small, you can check it over the phone or some other way.
The question is: why people put their fingerprints on a mail signature ?
Some one could have changed his public key and changed his message, so
that fingerprint will match a wrong public key.
Isn't it the same nonsense as putting the public key in an email message
(without
signing nor encrypting it) ?
Thanks for the attention,
Gustavo Henrique
=============================================================
Gustavo Henrique Maultasch de Oliveira Sysadmin.com.br
[email protected] http://www.sysadmin.com.br
=============================================================