[Cryptography] distributing fingerprints etc. via QR codes etc.
Werner Koch
wk at gnupg.org
Sun Sep 14 05:41:41 EDT 2014
On Sun, 14 Sep 2014 01:09, leichter at lrw.com said:
> A QR image can contain a URL. Common software scanning such a QR
> image will pass the URL to the default browser, which will typically
> open it. I don't know - never had any reason to experiment - whether
> non-HTTP URL's also get passed to their registered handlers, though I
> suspect at least some QR-reading software will do that.
Would data like
nonfoo://nonexistent.foo.org/sec?encoded_private_key
be a failsafe approach to avoid that a QR reader leaks a backup of a
private key via the browser? I assume that foo.org is controlled by a
trusted party and that the subdomain does not exist.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the cryptography
mailing list