I hadn't gotten round to answer your earlier questions yet, since I noticed a point I should first spend some effort and thinking on.
On 12/06/17 16:14, Stefan Claas wrote: > And a question for this... If Mallory would get > somehow access to my Computer and replace one pub key from my > communication partners with a fake one and sets the trust level to > Ultimate. How can i detect this, if i'm not always looking at the > complete Fingerprint and compare it with a separate list? It is impossible to use any form of cryptography in a secure fashion when somebody is in a position to mess with the computer you're using it on. Worst is someone with administrator privileges, but somebody with the same privileges as you is already more than enough to completely subvert your security. They could alter your search path and put their own binaries in them. Any program you launch, be it GnuPG, your e-mail client, your shell, or any other program you use, could be replaced by something else. Same for your data files, as you point out. Your user account needs to be secure from evildoers. It depends on your threat model how you go about this. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
