[Wlug] Follow-Up to Key Signing Party
Eric Martin
freak4uxxx at gmail.com
Thu May 17 01:17:32 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks to everyone who showed up to tonight's key signing party. Now
that we verified everybody had the correct key info and identification,
we actually have to sign each other's keys. We are using the keyserver
pgp.mit.edu. If that isn't your default, you can set it either in
~/.gnupg/gpg.conf or at the command line for each command by using the
argument
--keyserver pgp.mit.edu
Below is an excerpt from the gpg Key Signing Party HowTo that explains
things in detail (http://www.rubin.ch/pgp/kspa/gpg-party.en.html#ss3.8):
3.8 How to sign others' keys
Step 1: Get a copy of the key
Normally, you'll be working from a keyserver. However, if you are signing
the key that is not available on a keyserver, you can simply import
the key with gpg --import. If you are working with a keyserver, the
following command will download the key from the keyserver into your
public keyring.
bash$ gpg --keyserver <keyserver> --recv-keys <Key_ID>
If you get a read error, it means the keyserver is overloaded. Please,
try again in a few seconds.
Step 2: Fingerprint and Verify the key
bash$ gpg --fingerprint <Key_ID>
GPG will print out the fingerprint of the Key with <Key_ID> (the key
you just downloaded). Check the fingerprint against the checklist that
you were given at the party. Note: Don't check the fingerprint on your
checklist against the fingerprint on the web page as the server may not
send you the same key it displays on the web page.
Step 3: Sign the key
bash$ gpg --sign-key <Key_ID>
If you have multiple private keys, you can specify which of your private
keys to sign the other person's public key with like this:
bash$ gpg --default-key <Key_to_use> --sign-key <Key_ID>
Step 4: Return or Upload the signed key
If you are working with an entity which does not want their key on a
public keyserver, at this point you should return their
signed key back to them by their method of choice - normally encrypted
email. You should not send a public key to a keyserver without the
permission of the key's owner. Publicizing a public key slightly reduces
the security of a key pair, therefore it is considered rude to make a key
more public than its owner desires.
Most likely you are working with a keyserver. If that is the case, you
can send the signed key back to the keyserver like this:
bash$ gpg --keyserver <keyserver> --send-key <Key_ID>
You should see a success message like this:
gpg: success sending to `<keyserver>' (status=200)
Congratulations, the signature of the other entity's key is now complete
and your signature has been incorporated into their public key. A trust
path has been established.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGS+VsaiVxdKlBO58RAs3xAJ0W7SyjfbQtwHwDaHeWG5EgeWWXzgCfQ8pT
W40gnhPVnkQ3u7E1jbXALvU=
=GM/c
-----END PGP SIGNATURE-----
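
Steps 2 and 3 of the procedure above, as an added example that is not part of the original message or the HowTo: the script refuses to sign unless the primary-key fingerprint gpg reports equals the one on the party checklist. The function names and the sample key are constructed for illustration, and the checklist fingerprint is assumed to be 40 hex digits (a v4 key).

```sh
#!/bin/sh
# Added example (not from the HowTo): check a downloaded key against the
# fingerprint on the party checklist before running gpg --sign-key.

# Strip whitespace and upper-case the hex digits so that a checklist entry
# typed as "0123 4567 ..." compares equal to gpg's machine-readable form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint <Key_ID>` output on stdin and print
# the primary key's fingerprint: field 10 of the first fpr record after pub.
# Subkey fpr records come later and are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches CHECKLIST_FPR  (gpg colon output on stdin)
# Returns 0 on an exact match, 1 on a mismatch, 2 if the checklist value is
# not 40 hex digits (assumption: v4 keys), e.g. someone pasted a key ID.
fpr_matches() {
    want=$(normalize_fpr "$1")
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Steps 2 and 3 together: sign only when the fingerprints agree.
sign_if_verified() {   # usage: sign_if_verified <Key_ID> "<checklist fingerprint>"
    if gpg --with-colons --fingerprint "$1" | fpr_matches "$2"; then
        gpg --sign-key "$1"
    else
        echo "fingerprint check failed for $1, not signing" >&2
        return 1
    fi
}

# Constructed sample of gpg colon output (made-up key, not a real attendee).
SAMPLE_COLONS='pub:-:1024:17:89ABCDEF01234567:2007-05-01:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::2007-05-01::::Example Attendee <attendee@example.org>:
sub:-:2048:16:76543210FEDCBA98:2007-05-01::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
```

The checklist value passed to sign_if_verified should be typed from the paper handed out at the party, not copied from the keyserver's web page.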