Alfie John <alfie@alfie.wtf> to cryptography@metzdowd.com
10/01/2019

Hi all,

I've always used grep when checking for PGP Fingerprints. After a thread on Twitter [1], I learned that this is totally insecure:

"The potential vuln is that if you just grep for the expected fingerprint, an attacker could insert that sequence as their real name or email address. You need to parse that output very explicitly. Wish gpg would print *only* the fp."

So I decided to create a tool to do this safely:

https://gitlab.com/alfiedotwtf/fingerprint

Comments welcome.

Alfie

1. https://twitter.com/alfiedotwtf/status/1078891847953444864

--
Alfie John
https://www.alfie.wtf
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
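
The explicit parsing the quoted tweet asks for, as an added example that is not part of the original message or of the linked tool: it reads GnuPG's colon-delimited listing and compares only field 10 of the `fpr` record that follows `pub`. The function names and the sample listings (not real keys) are constructed for illustration.

```shell
#!/bin/sh
# Added example: match on the fpr record, never on free text.
# In `gpg --with-colons` output, field 1 is the record type. Field 10 of an
# fpr record is the fingerprint; field 10 of a uid record is the user ID,
# which the key's creator chooses (colons inside it are escaped as \x3a).

# Print the primary-key fingerprint of every key listed on stdin.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" || $1 == "sub" { last = $1 }
        $1 == "fpr" && last == "pub" { print $10; last = "" }
    '
}

# Succeed only if stdin lists exactly one key whose fingerprint equals $1.
# Two keys in one file yield two lines in $found, so the comparison fails.
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# Constructed sample data (not real keys).
EXPECTED='0123456789ABCDEF0123456789ABCDEF01234567'
GENUINE='pub:-:4096:1:89ABCDEF01234567:1546300800:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1546300800::0000000000000000000000000000000000000000::Example Signer <signer@example.org>::::::::::0:'
# Different key; the expected fingerprint appears only in the uid text.
FORGED='pub:-:4096:1:33221100FFEEDDCC:1546300800:::-:::scESC::::::23::0:
fpr:::::::::FFEEDDCCBBAA99887766554433221100FFEEDDCC:
uid:-::::1546300800::0000000000000000000000000000000000000000::0123456789ABCDEF0123456789ABCDEF01234567 <signer@example.org>::::::::::0:'

# Real use (assumes a GnuPG version that has --show-keys):
#   gpg --with-colons --show-keys key.asc | fingerprint_matches "$EXPECTED"
printf '%s\n' "$FORGED" | grep -q "$EXPECTED" \
    && echo "grep: forged listing matches"
printf '%s\n' "$FORGED" | fingerprint_matches "$EXPECTED" \
    || echo "fpr record: forged listing rejected"
printf '%s\n' "$GENUINE" | fingerprint_matches "$EXPECTED" \
    && echo "fpr record: genuine listing accepted"
```
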