[Wlug] PGP Key Signing Party

Eric Martin freak4uxxx at gmail.com
Wed Apr 25 23:26:02 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

	This upcoming meeting we are going to have a PGP Key Signing Party.
For those of you who don't know what PGP is, allow me to briefly
explain.  This is all based on the GPG Key Signing HOWTO
(http://www.rubin.ch/pgp/kspa/gpg-party.en.html), which I suggest for
further reading.  Those who do know can feel free to skip down to the
next paragraph.  PGP stands for Pretty Good Privacy.  It is public-key
cryptography software that lets us communicate securely and handle
data in a secure fashion.  You have a public key, which you typically
upload to a key server, and a private key, which you keep to yourself.
With the private key you decrypt and sign; with the public key others
encrypt to you and verify your signatures on emails and documents.  Key
signatures come into play when you validate that a specific key belongs
to a specific person and extend the web of trust.

	Here's what needs to be done BEFORE the meeting, on your own computer
or another machine you trust (not, for example, in a computer lab on
your campus): your private key and passphrase should never touch a
shared machine.  I'll post directions both for GPG (GNU Privacy Guard)
and Kgpg (the KDE front-end to gpg, for all of those who like GUIs).

1.	Generate a Key Pair / Verify your key won't expire soon
	gpg --gen-key
	(The default key type, DSA and Elgamal, is fine, and the default
Elgamal size of 2048 bits is good.  Pick a passphrase you can actually
remember; see 2 for what to do if you forget it.)
	I recommend 3 - 5 years for a key lifespan (how long the key will be
good for).  An expiry date can be extended later with --edit-key, so
you do not need a new key when it runs out.

1a)	For those of you wishing to use Kgpg, go to Keys -> Generate Key
Pair and fill in the dialog box.
	Once you have created the new key pair, tick the Save As box under
_Revocation Certificate_ to save a revocation certificate (see 2).

1b)	For those of you who already have a key, make sure yours isn't about
to expire (like mine did).  You can extend the life, before or after it
expires, with
	$ gpg --edit-key <key-id>
	and typing expire at the command prompt, then save to write the
change.  Re-send the key to the key server afterwards (see 3) so that
other people pick up the new expiry date; until they do, their copy of
your key still looks expired.

	If you would rather replace the key, generate a new key pair and sign
the new key with your old one (the --sign-key command, signing with the
old key), so anyone who trusted your old key has a path to trusting the
new one.  Then upload the new key as in step 3.

2)	Generate a revocation certificate
	Revocation certificates are for situations where you forget your
passphrase, the key becomes compromised, etc.  Publishing the
certificate tells everyone to stop using the key, so make it now while
you still have the passphrase:
	$ gpg --output revoke.asc --gen-revoke <key-id>
	Save this in multiple places, print a copy, etc. in case you need
it.  Keep those copies private: anyone who gets hold of revoke.asc can
revoke your key simply by importing it and uploading the result.
2GUI)	If you didn't create a revocation cert in Kgpg, just right click
on your new key and select Revoke Key.  When the box pops up, check only
Save As, so the certificate is written to a file and not applied to (or
uploaded with) the key you just made.

3) Upload your key to the designated server for this party (pgp.mit.edu)

	$ gpg --keyserver pgp.mit.edu --send-keys <key-id>
	This sends only the public key; the private key never leaves your
machine.
3GUI)	Right click on the key, select Export Public Keys, select Default
Key Server (make sure it's pgp.mit.edu under Settings)

4) Email me your key's fingerprint so I can add it to the list

	$ gpg --fingerprint <key-id>
	Copy and Paste that into an email to the coordinator (me, Eric Martin).

5) Print out a copy of that same output and bring it to the meeting.
At the party you read your fingerprint from this printout, not from
memory.

I'll make up a check list and bring them to the meeting for everyone to use.

Example output from Step 4:

pub   1024D/A9413B9F 2007-04-09 [expires: 2010-04-08]
      Key fingerprint = D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F
uid                  Eric J. Martin <eric.joshua.martin at gmail.com>
uid                  Eric J. Martin <freak4uxxx at gmail.com>
sub   2048g/01F81B8E 2007-04-09 [expires: 2010-04-08]

My <key-id> is A9413B9F, which for any key is the last 8 hex digits of
its fingerprint (the short key ID is the low 32 bits of the fingerprint).
If, like me, you don't always remember your key-id, you can give your
email address in place of <key-id> and gpg will find the key; just make
sure it matches only one key in your keyring.

My full key information is:

Key ID: 		A9413B9F
Key Type:		DSA
Hex Fingerprint:	D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F
Key Size:		1024

(With the GnuPG 1.4 defaults the DSA signing key is 1024 bits.  The
ElGamal encryption subkey is 2048 bits in my case, but it isn't needed
for the keysigning party: what you verify is the fingerprint of the
primary DSA key, and the subkey is bound to that key by a signature the
primary key made.)
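As an added example (not from the original post or the HOWTO it cites, and
not a GnuPG tool), here is a small Python script the coordinator could run
over the listings people email in at step 4.  It parses `gpg --fingerprint`
output in the format shown above, checks that each key ID really is the last
8 hex digits of its fingerprint (so typos and hand-edited pastes are caught
before the checklist is printed), and prints one checklist row per key with
boxes to tick at the meeting.  The sample input is the post's own example
listing plus a second, constructed entry with a mistyped key ID; the column
layout of the checklist is my own choice, not something the post specifies.

```python
"""Parse `gpg --fingerprint` output and build a key-signing-party checklist.

Added example for this post; it is not part of the original e-mail and not
a GnuPG tool.  It reads the listing a participant pastes into the mail to
the coordinator (step 4), checks it for internal consistency, and prints a
checklist row per key with boxes to tick at the meeting (step 5).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# GnuPG 1.4 "--fingerprint" listing lines, in the layout shown in the post.
PUB_RE = re.compile(
    r"^pub\s+(?P<bits>\d+)(?P<algo>[A-Za-z])/(?P<keyid>[0-9A-Fa-f]{8})\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2})(?:\s+\[expires:\s*(?P<expires>[^\]]*)\])?"
)
FPR_RE = re.compile(r"^\s*Key fingerprint = (?P<fpr>[0-9A-Fa-f ]+?)\s*$")
UID_RE = re.compile(r"^uid\s+(?P<uid>\S.*?)\s*$")

# Algorithm letters GnuPG prints after the key size.
ALGO_NAMES = {"D": "DSA", "R": "RSA", "g": "ElGamal"}


@dataclass
class KeyInfo:
    key_id: str
    algo: str
    bits: int
    expires: Optional[str]
    fingerprint: str = ""                        # 40 hex digits, no spaces
    uids: List[str] = field(default_factory=list)
    problems: List[str] = field(default_factory=list)


def parse_fingerprint_listing(text: str) -> List[KeyInfo]:
    """Split a pasted listing into keys.  'sub' lines are ignored on purpose:
    the encryption subkey is not what gets verified at the party."""
    keys: List[KeyInfo] = []
    current: Optional[KeyInfo] = None
    for line in text.splitlines():
        if (m := PUB_RE.match(line)):
            current = KeyInfo(key_id=m["keyid"].upper(),
                              algo=ALGO_NAMES.get(m["algo"], m["algo"]),
                              bits=int(m["bits"]), expires=m["expires"])
            keys.append(current)
        elif current is not None and (m := FPR_RE.match(line)):
            current.fingerprint = m["fpr"].replace(" ", "").upper()
        elif current is not None and (m := UID_RE.match(line)):
            current.uids.append(m["uid"])
    for key in keys:
        check_key(key)
    return keys


def check_key(key: KeyInfo) -> None:
    """Consistency checks the coordinator can run before printing the list."""
    if len(key.fingerprint) != 40:
        key.problems.append("fingerprint is not 40 hex digits")
    elif key.fingerprint[-8:] != key.key_id:
        # For OpenPGP v4 keys the short key ID is the low 32 bits of the
        # fingerprint, so a mismatch means a typo or a hand-edited paste.
        key.problems.append(
            f"key ID {key.key_id} does not match fingerprint tail "
            f"{key.fingerprint[-8:]}")
    if not key.uids:
        key.problems.append("no user ID in listing")


def group_fingerprint(fpr: str) -> str:
    """Re-space a 40-digit fingerprint the way gpg prints it."""
    groups = [fpr[i:i + 4] for i in range(0, 40, 4)]
    return " ".join(groups[:5]) + "  " + " ".join(groups[5:])


def format_checklist(keys: List[KeyInfo]) -> str:
    """One row per key: the data the post says to bring, plus boxes to tick
    for 'fingerprint read back matches' and 'photo ID checked'."""
    rows = [f"{'#':>3}  {'Key ID':8}  {'Type':7}  {'Bits':4}  "
            f"{'Fingerprint':50}  FP ok  ID ok  Name"]
    for n, key in enumerate(keys, 1):
        name = key.uids[0] if key.uids else "?"
        if key.problems:
            rows.append(f"{n:3}  {key.key_id:8}  REJECT: {'; '.join(key.problems)}")
            continue
        rows.append(f"{n:3}  {key.key_id:8}  {key.algo:7}  {key.bits:4}  "
                    f"{group_fingerprint(key.fingerprint)}  [ ]    [ ]    {name}")
    return "\n".join(rows)


# Constructed sample: the post's own example listing, followed by a second
# entry made up for this example whose key ID was mistyped by the submitter.
SAMPLE_LISTING = """\
pub   1024D/A9413B9F 2007-04-09 [expires: 2010-04-08]
      Key fingerprint = D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F
uid                  Eric J. Martin <eric.joshua.martin at gmail.com>
uid                  Eric J. Martin <freak4uxxx at gmail.com>
sub   2048g/01F81B8E 2007-04-09 [expires: 2010-04-08]

pub   1024D/0123ABCD 2007-04-10 [expires: 2010-04-09]
      Key fingerprint = 0000 1111 2222 3333 4444  5555 6666 7777 8888 9999
uid                  Constructed Example <example at example.invalid>
sub   2048g/89ABCDEF 2007-04-10 [expires: 2010-04-09]
"""

if __name__ == "__main__":
    print(format_checklist(parse_fingerprint_listing(SAMPLE_LISTING)))
```

Running the script prints a row for the first key and a REJECT line for the
second, since 0123ABCD is not the tail of that fingerprint; the coordinator
would ask the submitter to resend rather than guess which half is right.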

What you should bring to this party

1. Yourself, no exceptions
2. Two forms of positive photo ID - driver's license and passport are good
3. Key Id, Key Type, Hex Fingerprint and Key size info

***Please print out your own copy of your info to compare against mine
when you arrive ***

4. Pen / Pencil

What you Should Not Bring

1. Computer

I want to thank Chuck Anderson for helping me out.  If you have any
questions please let me know.

Eric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGMBvKaiVxdKlBO58RAsCVAJ9cA488l+SybdxD+rgqNWGi/U9tUQCeMvH8
UAhMTFVRG5SbVVn5jqbVwqg=
=BSzn
-----END PGP SIGNATURE-----

