Is it secure to transfer an RSA public key by email?

The public key is public, meaning that everybody can know it without endangering security. No problem in putting it in an email, then.

The potential issue would be an active attacker modifying the email while in transit, to replace your public key with his public key. To guard yourself against such attacks, compute a fingerprint of the file you are about to send by email (use the ubiquitous md5sum utility on it), and write the hash value on a piece of paper (which you keep in your wallet). When you are back at home, recompute the hash over the received file, and compare it with the value on the paper. If they match, then everything is fine.


MD5 works perfectly fine for ensuring a file hasn't been altered. Where it (and SHA) is "bad bad bad" is for hashing passwords. The reason? MD5 and SHA are designed to be fast, which makes them easy to brute force with a GPU. For passwords, use a slow hashing algorithm like bcrypt with a random per-user salt.

In my use case, I am granting access to someone else on the other side of the country. So after I get his public key, I'll hash it and call him and read the first 5 or 6 letters over the phone. If the content has been altered even slightly, the hash will be totally different, so even the first 5 or 6 letters won't match.
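The check described in the posts above (fingerprint the received key file, then compare it with a value carried on paper or read over the phone), written out as an added example that is not from any of the posters. It uses `sha256sum` in place of `md5sum`; the function names, the 6-character minimum and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Uses sha256sum instead of md5sum; the procedure is the same.

# Print a file's SHA-256 fingerprint as lowercase hex.
fingerprint() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Normalise a fingerprint as written on paper or read aloud:
# drop spaces, colons and dashes, fold hex letters to lowercase.
normalise() {
    printf '%s' "$1" | tr -d ' :-' | tr 'A-F' 'a-f'
}

# verify_key FILE EXPECTED [MIN_LEN]
# EXPECTED is the full fingerprint or only its leading characters.
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_key() {
    key_file=$1
    min_len=${3:-6}                      # assumed default: 6 hex chars
    [ -r "$key_file" ] || return 2
    expected=$(normalise "$2")
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;      # empty or not hexadecimal
    esac
    [ "${#expected}" -ge "$min_len" ] || return 2
    actual=$(fingerprint "$key_file")
    case $actual in
        "$expected"*) return 0 ;;        # prefix (or whole value) matches
        *) return 1 ;;
    esac
}

# Demo on a constructed file (not a real key).
demo_key=$(mktemp)
printf 'constructed-public-key-bytes\n' > "$demo_key"
spoken=$(fingerprint "$demo_key" | cut -c1-6)   # what the sender reads out
if verify_key "$demo_key" "$spoken"; then
    echo "fingerprint matches: $spoken"
else
    echo "MISMATCH: do not install this key"
fi
rm -f "$demo_key"
```

Each hex character compared covers 4 bits of the hash, so a 6-character prefix checks 24 bits; passing the full value checks all of it.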