[Debian-uk] GPG keys and QR codes

Simon McVittie smcv at debian.org
Mon Aug 19 11:44:23 BST 2013

On 18/08/13 11:43, Lars Wirzenius wrote:
> On Sat, Aug 17, 2013 at 09:32:00AM +0100, Colin Tuckley wrote:
>> Has anyone else thought about this and maybe got further towards a
>> usable system where people could swap key fingerprints by scanning each
>> others QR coded Public key info?

monkeysign <http://web.monkeysphere.info/monkeysign/> also exists.

> A bad scenario would
> be that you are given only a QR code on paper, and you take a photo of
> that, see a name and a fingerprint, and sign that.

Unfortunately, it seems monkeysign generates a bare QR code (containing
the fingerprint, or at least, it doesn't look information-rich enough
for a whole key to me). I agree it'd be better if it produced a
gpg-key2ps-style keyslip, with the QR code added at one end: then you
could show the QR code to your webcam as a shortcut for data-entry, and
check the on-screen fingerprint and details against the ones on the slip
(the same way you would if you'd retrieved a key by its short key ID).


More information about the Debian-uk mailing list