Reputation: 8360
The purpose of fingerprints (GPG)
A question about fingerprints:
Assume that me and my friend have a lot of time on our hands and that we have extremely good memory.
I send him my public key. To prove that the key he has on his computer is the same key that I sent him, I proceed to call him on the phone and read out the whole key in ASCII, as he checks it against what he has on his computer. (I know that it is unnecessary to send the key at all if I'm going to read it over the phone but this is just for the sake of the example.)
My question is then:
Is reading the entire key out loud over the phone to the other person and having him checking it against what he has on his computer equivalent to comparing the fingerprints of the key(s)? I.e, is the fingerprint just a means to assure that the message has not been intercepted and altered?
Upvotes: 10
Views: 3375
Answers (2)
Reputation: 101
There is already a checksumming mechanism described in https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md
If you're writing a program using web3.js, for example, you can use https://web3js.readthedocs.io/en/1.0/web3-utils.html#isaddress to check the integrity of the address (e.g. if it has been corrupted or cut short or something like that).
Upvotes: 0
Reputation: 6563
The fingerprint is hash (like checksum) of the entire public key. The purpose is as you said - shorter way to compare the public key.
Upvotes: 7
Related Questions
- Get fingerprints of OpenPGP keys
- Import PGP public key from Fingerprint
- Extract gpg fingerprint
- Get key signature/fingerprint for GPG Public Key
- Why crypto object is needed for Android fingerprint authentication?
- How do digital fingerprints prevent fake public keys from being passed?
- How to get a public OpenPGP key only knowing its fingerprint?
- How to compare a primary key fingerprint after verifying a signature with gpg?
- PGP - GnuPG - A few questions
- Authentication using GPG