[Cryptography] distributing fingerprints etc. via QR codes etc.

Werner Koch wk at gnupg.org
Sun Sep 14 05:41:41 EDT 2014


On Sun, 14 Sep 2014 01:09, leichter at lrw.com said:

> A QR image can contain a URL.  Common software scanning such a QR
> image will pass the URL to the default browser, which will typically
> open it.  I don't know - never had any reason to experiment - whether
> non-HTTP URL's also get passed to their registered handlers, though I
> suspect at least some QR-reading software will do that.

Would data like

  nonfoo://nonexistent.foo.org/sec?encoded_private_key

be a failsafe approach to avoid that a QR reader leaks a backup of a
private key via the browser?  I assume that foo.org is controlled by a
trusted party and that the subdomain does not exist.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



More information about the cryptography mailing list