- (3) +1. OP, in the case of EC public keys - the public key must be a point that lies on the EC curve. A simple way to check for an error in an EC public key is to simply check if it lies on the EC curve. If there was some error during the transfer of the EC public key, then the likelihood of it lying on the EC curve will be infinitesimally small. – mti2935, 2025-04-24 21:43:42 +00:00
- (4) @mti2935: only using X9 uncompressed form (or hybrid, which AFAIK nobody ever did). X9 compressed, and the only standard form for EdDSA, are dense and errors are likely to produce an apparently-valid wrong value. // PGP uses such a fingerprint as the key's official identification, and for decades (until fairly recent attacks) it was common for someone to give you their keyid (usually truncated to 32 bits or 64 bits) and store the full key in a server from which you could fetch it by keyid. – dave_thompson_085, 2025-04-25 00:38:20 +00:00
- (2) Another variant on this could be to print both the full key (if reasonably short) and the fingerprint/hash, so that the recipient can type in the key and then double-check it using the fingerprint. – Solomon Ucko, 2025-04-25 03:13:36 +00:00
- (4) @jpa: You're ignoring the OP's scenario. Do you really think that two people will first go through all the trouble of doing a physical meeting for the sole purpose of a fingerprint exchange, but then they suddenly become too lazy to actually check the full fingerprints? This sounds absurd. Anyway, if mobile phones are acceptable in the meeting, the participants could scan the keys/fingerprints as QR codes (like in WPA3 SAE-PK). – Ja1024, 2025-04-25 06:41:51 +00:00
- (4) @dave_thompson_085 While PGP keys are/were identified by keyid, they never were meant to be verified by keyid, but by fingerprint. The keyid is a truncated fingerprint (was 32 bit, nowadays 64 bit), and you were supposed to compare the whole fingerprint since the invention of PGP. – Michael Karcher, 2025-04-25 07:26:05 +00:00
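
The following is an added example, not written by any of the commenters above. It illustrates the point discussed in the first two comments: a single-bit transcription error in an uncompressed EC public key fails the on-curve check, while the same error in a compressed key decodes to a valid but wrong point about half the time. The comments name no curve, so NIST P-256 and its generator point are used here as an assumed sample key, and all function names are illustrative.

```python
# Added illustration. Constants are the published NIST P-256 domain parameters;
# the generator (GX, GY) stands in for "someone's public key" (constructed sample).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def on_curve(x, y):
    """Uncompressed form: coordinates in range and y^2 = x^3 + ax + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0

def decompress(prefix, x):
    """Compressed form (0x02/0x03 || x): recover (x, y), or None if no y exists."""
    if prefix not in (2, 3) or not 0 <= x < P:
        return None
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)      # modular square root, valid as P % 4 == 3
    if y * y % P != rhs:
        return None                    # x is not the abscissa of any curve point
    if (y & 1) != (prefix & 1):
        y = P - y                      # pick the root with the requested parity
    return (x, y)

def flips_accepted_uncompressed(x, y):
    """Count single-bit errors in x or y that still pass the on-curve check."""
    hits = 0
    for bit in range(256):
        hits += on_curve(x ^ (1 << bit), y)
        hits += on_curve(x, y ^ (1 << bit))
    return hits

def flips_accepted_compressed(x, y):
    """Count single-bit errors in the x field that still decode to a point."""
    prefix = 2 + (y & 1)
    return sum(decompress(prefix, x ^ (1 << bit)) is not None
               for bit in range(256))

if __name__ == "__main__":
    print("uncompressed: %d of 512 bit flips accepted"
          % flips_accepted_uncompressed(GX, GY))
    print("compressed:   %d of 256 bit flips accepted"
          % flips_accepted_compressed(GX, GY))
```

For compressed keys the on-curve check is therefore not an error-detection mechanism, which is why comparing a fingerprint or hash of the key remains necessary.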