-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This upcoming meeting we are going to have a PGP Key Signing Party. For those of you who don't know what PGP is, allow me to briefly explain. This is all base off of the GPG Key Signing HOWTO (http://www.rubin.ch/pgp/kspa/gpg-party.en.html) which I suggest for further reading. Those who do know can feel free to skip down to the next paragraph. PGP stands for Pretty Good Privacy, and is a Public Key Infrastructure that allows us to communicate securely and deal with data in a secure fashion. There is a public key that one would typically upload to a server and a private key that you hold on to. With the private key you can decrypt / sign, and with the public key you can encrypt / verify emails and documents. Key signatures come into play when you validate that a specific key belongs to a specific person and extend the web of trust. Here's what needs to be done BEFORE the meeting on your computer, or on a secure terminal (e.g. not in a computer lab on your campus). I'll post directions both for GPG (Gnu Privacy Guard) and Kgpg (the KDE front - -end to gpg for all of those who like GUIs). 1. Generate a Key Pair / Verify your key won't expire soon gpg --gen-key (Default values of DSA/Elgamal is fine and the default of 2048 is good.) I recommend 3 - 5 years for a key lifespan (how long the key will be good for) 1a) for those of you wishing to use Kgpg, goto Keys -> Generate Key Pair and fill in the dialog box Once you create the New key pair, check the Save As box under _Revocation Certificate_ to save a Revocation Certificate (see 2) 1c) For those of you who already have a key, make sure yours isn't about to expire (like mine did). If it has expired, you can extend the life by $ gpg --edit-key <key-id> and typing expire at the command prompt next, generate a new key-pair and sign your new key with your old key so anyone who trusted your old one will trust the new one. 2) Generate a revocation certificate Revocation certificates are for situations where you forget your passphrase, the key becomes comprised, etc you can revoke your key. $ gpg --output revoke.asc --gen-revoke <key-id> Save this in multiple places, print a copy etc in case you need it. 2GUI) If you didn't create a revocation cert in Kgpg, just right click on your new key and select Revoke Key. when the box pops up only check Save As 3) Upload your key to the Designated server for this party (pgp.mit.edu) $ gpg --send-key --keyserver=pgp.mit.edu <key-id> 3GUI) Right Click on the Key, select Export Public Keys, select Default Key Server (make sure it's pgp.mit.edu under Settings) 4) Email me your key's fingerprint so I can add it to the list $ gpg --fingerprint <key-id> Copy and Paste that into an email to the coordinator (me, Eric Martin). 5) print out a copy of that same output and bring it to the meeting. I'll make up a check list and bring them to the meeting for everyone to use. Example output from Step 4: pub 1024D/A9413B9F 2007-04-09 [expires: 2010-04-08] Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F uid Eric J. Martin <eric.joshua.martin@gmail.com> uid Eric J. Martin <freak4uxxx@gmail.com> sub 2048g/01F81B8E 2007-04-09 [expires: 2010-04-08] my <key-id> is A9413B9F (which is always the same as my last 8 hex digits of my fingerprint). If like me you don't always remember your key-id you can use your email address and it will still work. My full key information is: Key ID: A9413B9F Key Type: DSA Hex Fingerprint: D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F Key Size: 1024 (The DSA key is always 1024 bits. The ElGamal Encryption key is 2048 bits in my case, but isn't needed for the keysigning party.) What you should bring to this party 1. Yourself, no exceptions 2. Two forms of positive photo ID - driver's license and passport are good 3. Key Id, Key Type, Hex Fingerprint and Key size info ***Please print out your own copy of your info to compare against mine when you arrive *** 4. Pen / Pencil What you Should Not Bring 1. Computer I want to thank Chuck Anderson for helping me out. If you have any questions please let me know. Eric -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGMBvKaiVxdKlBO58RAsCVAJ9cA488l+SybdxD+rgqNWGi/U9tUQCeMvH8 UAhMTFVRG5SbVVn5jqbVwqg= =BSzn -----END PGP SIGNATURE-----
Here is mine. 7232 6FDF 6586 24F5 D2D7 588C B851 D6B0 0003 2D3B Thanks! Walt Sawyer Eric Martin wrote:
This upcoming meeting we are going to have a PGP Key Signing Party. For those of you who don't know what PGP is, allow me to briefly explain. This is all base off of the GPG Key Signing HOWTO (http://www.rubin.ch/pgp/kspa/gpg-party.en.html) which I suggest for further reading. Those who do know can feel free to skip down to the next paragraph. PGP stands for Pretty Good Privacy, and is a Public Key Infrastructure that allows us to communicate securely and deal with data in a secure fashion. There is a public key that one would typically upload to a server and a private key that you hold on to. With the private key you can decrypt / sign, and with the public key you can encrypt / verify emails and documents. Key signatures come into play when you validate that a specific key belongs to a specific person and extend the web of trust.
Here's what needs to be done BEFORE the meeting on your computer, or on a secure terminal (e.g. not in a computer lab on your campus). I'll post directions both for GPG (Gnu Privacy Guard) and Kgpg (the KDE front -end to gpg for all of those who like GUIs).
1. Generate a Key Pair / Verify your key won't expire soon gpg --gen-key (Default values of DSA/Elgamal is fine and the default of 2048 is good.) I recommend 3 - 5 years for a key lifespan (how long the key will be good for)
1a) for those of you wishing to use Kgpg, goto Keys -> Generate Key Pair and fill in the dialog box Once you create the New key pair, check the Save As box under _Revocation Certificate_ to save a Revocation Certificate (see 2)
1c) For those of you who already have a key, make sure yours isn't about to expire (like mine did). If it has expired, you can extend the life by $ gpg --edit-key <key-id> and typing expire at the command prompt
next, generate a new key-pair and sign your new key with your old key so anyone who trusted your old one will trust the new one.
2) Generate a revocation certificate Revocation certificates are for situations where you forget your passphrase, the key becomes comprised, etc you can revoke your key. $ gpg --output revoke.asc --gen-revoke <key-id> Save this in multiple places, print a copy etc in case you need it. 2GUI) If you didn't create a revocation cert in Kgpg, just right click on your new key and select Revoke Key. when the box pops up only check Save As
3) Upload your key to the Designated server for this party (pgp.mit.edu)
$ gpg --send-key --keyserver=pgp.mit.edu <key-id> 3GUI) Right Click on the Key, select Export Public Keys, select Default Key Server (make sure it's pgp.mit.edu under Settings)
4) Email me your key's fingerprint so I can add it to the list
$ gpg --fingerprint <key-id> Copy and Paste that into an email to the coordinator (me, Eric Martin).
5) print out a copy of that same output and bring it to the meeting.
I'll make up a check list and bring them to the meeting for everyone to use.
Example output from Step 4:
pub 1024D/A9413B9F 2007-04-09 [expires: 2010-04-08] Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F uid Eric J. Martin <eric.joshua.martin@gmail.com> uid Eric J. Martin <freak4uxxx@gmail.com> sub 2048g/01F81B8E 2007-04-09 [expires: 2010-04-08]
my <key-id> is A9413B9F (which is always the same as my last 8 hex digits of my fingerprint). If like me you don't always remember your key-id you can use your email address and it will still work.
My full key information is:
Key ID: A9413B9F Key Type: DSA Hex Fingerprint: D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F Key Size: 1024
(The DSA key is always 1024 bits. The ElGamal Encryption key is 2048 bits in my case, but isn't needed for the keysigning party.)
What you should bring to this party
1. Yourself, no exceptions 2. Two forms of positive photo ID - driver's license and passport are good 3. Key Id, Key Type, Hex Fingerprint and Key size info
***Please print out your own copy of your info to compare against mine when you arrive ***
4. Pen / Pencil
What you Should Not Bring
1. Computer
I want to thank Chuck Anderson for helping me out. If you have any questions please let me know.
Eric
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
participants (2)
-
Eric Martin
-
Walt Sawyer