Updated OpenPGP Security (markdown)

Dominik Schürmann 2015-03-16 15:31:45 +01:00
parent b791424548
commit c2f1e2539e
1 changed files with 3 additions and 1 deletions

@ -71,7 +71,9 @@ So reasonable tools should not expose either short or long key IDs to users, or
For anything human-facing, we should be using human-intelligible things like user IDs and creation dates. These are trivial to forge, but people can relate to them. This is better than offering the user something that is also trivial to forge, but that people cannot relate to. The job of any key management UI should be to interpret the cryptographic assurances provided by the certifications and present that to the user in a comprehensible way.
For anything not human-facing (e.g. key management data storage, etc), we should be using the full key itself. We'll also want to store the full fingerprint as an index, since that is used for communication and key exchange (e.g. on calling cards).
For anything not human-facing (e.g. key management data storage, etc), we should be using the full key itself. We'll also want to store the full fingerprint as an index, since that is used for communication and key exchange (e.g. on calling cards).
#### In OpenKeychain
In OpenKeychain several methods for key exchange exists:
* QR Codes containing the full fingerprint
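Review bot: The paragraph beginning "For anything not human-facing" appears twice back to back in this hunk with identical wording, so whatever differs between the two copies is not visible here. If this is a whitespace-only edit, that is fine, but please confirm the rendered wiki page does not end up showing the paragraph twice. Two wording points in the same region: "several methods for key exchange exists" under the "In OpenKeychain" heading should read "exist", and "etc)" should be "etc.)". Since the section above argues that key IDs must not be used for anything security-relevant, it would also help if each item in the key exchange list says explicitly whether the full fingerprint is what gets compared, as the QR code item already does.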