[Wlug] PGP Key Signing Party

Walt Sawyer wsawyer at norfolk-county.com
Sun Apr 29 19:58:01 EDT 2007


Here is mine.

7232 6FDF 6586 24F5 D2D7 588C B851 D6B0 0003 2D3B

Thanks!
Walt Sawyer



Eric Martin wrote:
>     This upcoming meeting we are going to have a PGP Key Signing Party.
> For those of you who don't know what PGP is, allow me to briefly
> explain.  This is all based off of the GPG Key Signing HOWTO
> (http://www.rubin.ch/pgp/kspa/gpg-party.en.html) which I suggest for
> further reading.  Those who do know can feel free to skip down to the
> next paragraph.  PGP  stands for Pretty Good Privacy, and is a Public
> Key Infrastructure that allows us to communicate securely and deal with
> data in a secure fashion.  There is a public key that one would
> typically upload to a server and a private key that you hold on to.
> With the private key you can decrypt / sign, and with the public key you
> can encrypt / verify emails and documents.  Key signatures come into
> play when you validate that a specific key belongs to a specific person
> and extend the web of trust.
>
>     Here's what needs to be done BEFORE the meeting on your computer, or on
> a secure terminal (e.g. not in a computer lab on your campus).  I'll
> post directions both for GPG (Gnu Privacy Guard) and Kgpg (the KDE
> front-end to gpg for all of those who like GUIs).
>
> 1.    Generate a Key Pair / Verify your key won't expire soon
>     gpg --gen-key
>     (Default values of DSA/Elgamal are fine and the default of 2048 is good.)
>     I recommend 3 - 5 years for a key lifespan (how long the key will be
> good for)
>
> 1a)        For those of you wishing to use Kgpg, go to Keys -> Generate Key
> Pair and fill in the dialog box
>     Once you create the New key pair, check the Save As box under
> _Revocation Certificate_ to save a Revocation Certificate (see 2)
>
> 1c)    For those of you who already have a key, make sure yours isn't about
> to expire (like mine did).  If it has expired, you can extend the life by
>     $ gpg --edit-key <key-id>
>     and typing expire at the command prompt
>
>     Next, generate a new key-pair and sign your new key with your old key
> so anyone who trusted your old one will trust the new one.
>
> 2)    Generate a revocation certificate
>     Revocation certificates are for situations where you forget your
> passphrase, the key becomes compromised, etc., so that you can revoke your key.
>     $ gpg --output revoke.asc --gen-revoke <key-id>
>     Save this in multiple places, print a copy, etc. in case you need it.
> 2GUI)    If you didn't create a revocation cert in Kgpg, just right click
> on your new key and select Revoke Key.  When the box pops up only check
> Save As
>
> 3) Upload your key to the Designated server for this party (pgp.mit.edu)
>
>     $ gpg --send-key --keyserver=pgp.mit.edu <key-id>
> 3GUI)    Right Click on the Key, select Export Public Keys, select Default
> Key Server (make sure it's pgp.mit.edu under Settings)
>
> 4) Email me your key's fingerprint so I can add it to the list
>
>     $ gpg --fingerprint <key-id>
>     Copy and Paste that into an email to the coordinator (me, Eric
> Martin).
>
> 5) Print out a copy of that same output and bring it to the meeting.
>
> I'll make up a check list and bring them to the meeting for everyone
> to use.
>
> Example output from Step 4:
>
> pub   1024D/A9413B9F 2007-04-09 [expires: 2010-04-08]
>       Key fingerprint = D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F
> uid                  Eric J. Martin <eric.joshua.martin at gmail.com>
> uid                  Eric J. Martin <freak4uxxx at gmail.com>
> sub   2048g/01F81B8E 2007-04-09 [expires: 2010-04-08]
>
> My <key-id> is A9413B9F (which is always the same as my last 8 hex
> digits of my fingerprint).  If like me you don't always remember your
> key-id you can use your email address and it will still work.
>
> My full key information is:
>
> Key ID:         A9413B9F
> Key Type:        DSA
> Hex Fingerprint:    D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F
> Key Size:        1024
>
> (The DSA key is always 1024 bits.  The ElGamal Encryption key is 2048
> bits in my case, but isn't needed for the keysigning party.)
>
> What you should bring to this party
>
> 1. Yourself, no exceptions
> 2. Two forms of positive photo ID - driver's license and passport are good
> 3. Key Id, Key Type, Hex Fingerprint and Key size info
>
> ***Please print out your own copy of your info to compare against mine
> when you arrive ***
>
> 4. Pen / Pencil
>
> What you Should Not Bring
>
> 1. Computer
>
> I want to thank Chuck Anderson for helping me out.  If you have any
> questions please let me know.
>
> Eric
_______________________________________________
Wlug mailing list
Wlug at mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
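
An added example, not part of the original thread: a shell check for the comparison step described in the quoted message, matching a checklist fingerprint against `gpg --fingerprint` output on all 40 hex digits rather than the 8-digit key-id. The function names are illustrative, the parser assumes the output layout shown in the message, and the look-alike fingerprint is a constructed value.

```shell
#!/bin/sh
# Added example: match a checklist fingerprint against `gpg --fingerprint`
# output on all 40 hex digits, not just the 8-digit key-id.

# `gpg --fingerprint` output as shown in the message above (one uid omitted).
SAMPLE_OUTPUT='pub   1024D/A9413B9F 2007-04-09 [expires: 2010-04-08]
      Key fingerprint = D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F
uid                  Eric J. Martin <eric.joshua.martin at gmail.com>
sub   2048g/01F81B8E 2007-04-09 [expires: 2010-04-08]'

# Constructed value: a different fingerprint that ends in the same 8 digits.
LOOKALIKE='0000 1111 2222 3333 4444  5555 6666 7777 A941 3B9F'

# Keep only hex digits and upper-case them, so spacing and case do not matter.
normalize_fpr() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Extract the first "Key fingerprint =" value from gpg output text.
fpr_from_gpg() {
    line=$(printf '%s\n' "$1" | sed -n 's/^ *Key fingerprint = *//p' | head -n 1)
    normalize_fpr "$line"
}

# Last 8 hex digits of a fingerprint (the key-id in the message).
short_id() {
    normalize_fpr "$1" | sed 's/^.*\(........\)$/\1/'
}

# check_fpr CHECKLIST_ENTRY GPG_OUTPUT
# Returns 0 on match, 1 on mismatch, 2 if either side is not 40 hex digits.
check_fpr() {
    want=$(normalize_fpr "$1")
    got=$(fpr_from_gpg "$2")
    [ "${#want}" -eq 40 ] && [ "${#got}" -eq 40 ] || return 2
    [ "$want" = "$got" ]
}

# Demo: the look-alike shares the key-id but must not pass the full comparison.
if check_fpr "$LOOKALIKE" "$SAMPLE_OUTPUT"; then
    echo "match"
else
    echo "MISMATCH despite key-id $(short_id "$LOOKALIKE") on both"
fi
```

To check a real key, pass the output of `gpg --fingerprint <key-id>` as the second argument in place of the embedded sample.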



