Git-Mirrors
/
qubes-doc
mirror of https://github.com/QubesOS/qubes-doc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Further clarify spaces in fingerprint 

https://forum.qubes-os.org/t/23503
This commit is contained in:
Andrew David Wong 2024-01-05 19:58:32 -08:00
parent 1677307880
commit 206f7f2086
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
project-security/verifying-signatures.md
View File

@ -190,8 +190,9 @@ you see here may not be genuine. That's why we strongly suggest obtaining the
fingerprint from *multiple independent sources in several different ways*, then fingerprint from *multiple independent sources in several different ways*, then
comparing the strings of letters and numbers to make sure they match. comparing the strings of letters and numbers to make sure they match.
When it comes to PGP fingerprints, spaces and capitalization don't matter. In For the purpose of convincing yourself that you know the authentic QMSK
other words, all of these fingerprints are considered the same: fingerprint, spaces and capitalization don't matter. In other words, all of
these fingerprints are considered the same:
``` ```
427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
@ -201,12 +202,16 @@ other words, all of these fingerprints are considered the same:
``` ```
Instead, what matters is that *all* the characters are present in *exactly* the Instead, what matters is that *all* the characters are present in *exactly* the
same order. If even one character is different, the fingerprints do not match. same order. If even one character is different, the fingerprints should not be
Even if two fingerprints have all the same characters, if any of those considered the same. Even if two fingerprints have all the same characters, if
characters are in a different order, sequence, or position, then the any of those characters are in a different order, sequence, or position, then
fingerprints do not match. the fingerprints should not be considered the same.
You may also sometimes see the entire fingerprint prefixed with `0x`, as in: However, for the purpose of *searching for*, *looking up*, or *entering* keys,
spaces and capitalization can matter, depending on the software or tool you're
using. You may need to try different variations (e.g., with and without
spaces). You may also sometimes see (or need to enter) the entire fingerprint
prefixed with `0x`, as in:
``` ```
0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
@ -214,10 +219,12 @@ You may also sometimes see the entire fingerprint prefixed with `0x`, as in:
``` ```
The `0x` prefix is sometimes used to indicate that the string following it is a The `0x` prefix is sometimes used to indicate that the string following it is a
hexadecimal value, and some PGP-related tools may require this prefix. For the hexadecimal value, and some PGP-related tools may require this prefix. Again,
purpose of comparing fingerprints as described here, you may safely ignore the for the purpose of convincing yourself that you know the authentic QMSK
`0x` prefix, as it is not part of the fingerprint. As long as the 40-character fingerprint, you may safely ignore the `0x` prefix, as it is not part of the
string after the `0x` matches exactly, the fingerprint is the same. fingerprint. As long as the 40-character string after the `0x` matches exactly,
the fingerprint is considered the same. The `0x` prefix only matters if the
software or tool you're using cares about it.
The general idea of "comparing fingerprints" is to go out into the world The general idea of "comparing fingerprints" is to go out into the world
(whether digitally, physically, or both) and find other 40-character strings (whether digitally, physically, or both) and find other 40-character strings