On Fri, 19 Dec 2008 11:26, jam...@jml.net said:
> Is a signed e-mail containing a fingerprint equivalent to signing a key?
No, it is different:
* If you sign a key, you actually sign the concatenation of a key and
a user ID.
* If you sign a file with a fingerprint you merely sign the key.
Thus in the latter case there is no way to check whether the key belongs
to a certain user ID. Of course if you sign a file with a content like:
pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
Key fingerprint = 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367
uid Werner Koch <w...@gnupg.org>
both methods are equivalent. However, this manual verification process
is more error prone than having gpg do that for you.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
