fingerprint associated public key does not match displayed public key
Rainer Fiebig
jrf at mailbox.org
Tue Dec 21 11:39:51 CET 2021
Am 18.12.21 um 19:07 schrieb Ingo Klöcker:
> On Freitag, 17. Dezember 2021 18:04:04 CET S.B. via Gnupg-users wrote:
>>> Otherwise, you can simply send your exported key to the person you want to
>>> give your public key to.
>>
>> Yeah so, I can attach the .asc file that's in my Disk/users/SamiBadri
>> folder (it's the only .asc file I've seen), but I'm assuming that is
>> my public key. Is that correct?
>
> Well, it depends. We have no idea what the .asc file in Disk/users/SamiBadri
> contains. It could be your public key. Or it could be somebody else's public
> key. Or it could be something other than a public key.
>
> Quite frankly, I suggest that you follow Robert's advice and start your
> learning experience with OpenPGP by using an email client that supports
> OpenPGP out-of-the-box. All decent email clients should have a functionality
> to attach your public key to an email without you having to attach some file
> manually.
>
>> Is there anyway to send your private key?
>
> Sure. You can send any file to anyone, so, of course, you can do the same with
> your private key (unless it's stored on a smartcard in a read-protected slot).
>
> A decent email client should not offer a functionality to attach your secret
> key to an email. So, if you stick to what your email client offers you, then
> you should be safe.
>
>> I want to know so that I don't do it accidentally.
>
> Then don't attach random files you find on your disk to your emails without
> knowing what those files contain.
>
>> Also, if I
>> use the cat SamiB.asc command, the terminal reveals a certificate (and
>> I assume that's my public key certificate).
>
> You shouldn't assume anything if you are dealing with encryption software. You
> should be sure what you are doing. Otherwise, in the extreme, you could
> jeopardize the lives of other people.
>
And then there's the one you're communicating with. Also make sure that
*he* knows what he is doing. Otherwise you might jeopardize your own
life. For example: Someone who replies to your top secret, perfectly
encrypted mail - without encrypting his reply. ;)
Rainer
More information about the Gnupg-users
mailing list