[Debian-uk] GPG keys and QR codes

Paul Martin pm at debian.org
Sun Aug 18 22:29:00 BST 2013

On Sun, Aug 18, 2013 at 04:14:37PM +0100, Matthew Vernon wrote:
> I'm a bit of a luddite, but I just use gpg-key2ps from the
> signing-party package to produce a set of slips of paper to give
> people. It's easy for me to be sure I've given out the correct
> fingerprint, and easy for the other party to check the fingerprint
> against a key in due course. I'm not sure I quite want to trust
> QR-codes...

Agreed.  I always check the fingerprint visually against the uid[*]
I'm preparing to sign.  That's a bit difficult to do if you have to
decode a barcode with your smartphone.

Anyone proffering solely a QR code will be politely refused.

[*] Make sure your key slip shows all the email addresses/uids you
wish to be signed.

Paul Martin <pm at debian.org>
...who is starting to sound like Kinnison on this matter. ;-)

More information about the Debian-uk mailing list