HI everybody, This is a reminder about the upcoming WLUG meeting, to be held on Thursday, April 22, at 7:00 PM at the usual place (the Access Grid room at WPI). At this meeting, we'll be having a PGP keysigning party, as described by Chuck Anderson in an email earlier this week. I hope a few people will be there to share how they make this work from their favorite email program. I haven't been entirely successful with Kmail, but I'll share just the same. Even if you don't have a PGP key, come over anyway to learn about this technology and to chat with others. I'd also be happy to relate to you the results of the "Introduction to Linux" class which I've recently finished teaching for the Chelmsford Community Education program. I'll be teaching this class again in September, and we're currently planning a much more advanced class. Also, bring along your ideas for future meetings! Afterwards, we'll venture out for pizza and beer at the newly renovated Boynton Restaurant - you won't recognize the place! See ya later, Andy -- Andy Stewart, Founder Worcester Linux Users' Group Worcester, MA USA http://www.wlug.org
On Mon, Apr 19, 2004 at 10:01:46PM -0400, Andy Stewart wrote:
This is a reminder about the upcoming WLUG meeting, to be held on Thursday, April 22, at 7:00 PM at the usual place (the Access Grid room at WPI).
At this meeting, we'll be having a PGP keysigning party, as described by Chuck Anderson in an email earlier this week. I hope a few people will be there to share how they make this work from their favorite email program. I haven't been entirely successful with Kmail, but I'll share just the same.
I've only received a few PGP keys, but there's still time left to get your key created and submitted for Thursday's keysigning party! Thursday night you'll need: 3.2 What participants should bring to the party 1. Themselves - you cannot participate virtually 2. Two forms of positive picture ID - a driver's license and passport are good 3. Key ID, Key Type, Hex Fingerprint and Key Size info (NOTE: please print out your own copy of your key to compare against my copy when you arrive.) 4. A Pen/Pencil 3.3 What Participants Should Not Bring to the Party 1. A Computer
To complete the PGP Keysigning process: 1. Sign All The Verified IDs On The Verified Keys gpg --keyserver pgp.mit.edu --recv-keys <Key_ID> gpg --sign-key <Key_ID> [ Verify the fingerprint against your sheet. You probably want to select (3) I have done very careful checking in this case, since we met in person and verified physical photo ID's. ] 2. Send The Signed Keys Back Up To The Designated Keyserver gpg --keyserver pgp.mit.edu --send-key <Key_ID> Finally, once everyone has signed everyone else's keys and sent them to the keyserver, you will want to download the signed versions once more from the keyserver. You can do this at any time without fear of overwritting keys--GnuPG will always merge the changes into your local keyring (--recv-keys) or the remote keyserver (--send-keys) as necessary. 3. Download the Signed Keys from The Designated Keyserver gpg --keyserver pgp.mit.edu --recv-key <Key_ID> It is a good idea to periodically re-download keys to receive new signatures, learn of revoked keys, etc. You can tell a signature was added by the output of --recv-keys. You can list key signatures with: gpg --list-sigs [<Key_ID>] where <Key_ID> is optional. You may notice some keys signed by unknown user ids. If you receive those keys from the keyserver(s) you can build your Web Of Trust to include people you don't know. This gets into how much you trust people with whom you have verified keys directly to sign *other* people's keys properly/securely. More on this later....
I got as far as Really sign? And then it asked for my passphrase, but I'm not sure it really knows who I am. It has my rcn address, which is not the one I used to create the key. WTF??? What do I do if my passphrase fails? Why is my middle initial missing? Why is my key ID different from what it was when I created it, and how did I create it in 2003? when I do gpg --fingerprint, I get the key I didn't know about, the one I made this week, and one from somebody I don't know and who doesn't appear in my address book (Vincent Danen). When I do gpg --list-sigs, my new key is listed as revoked. Did I screw up on following the first set of directions? Greg Charles R. Anderson wrote:
To complete the PGP Keysigning process:
1. Sign All The Verified IDs On The Verified Keys
gpg --keyserver pgp.mit.edu --recv-keys <Key_ID> gpg --sign-key <Key_ID>
[ Verify the fingerprint against your sheet. You probably want to select (3) I have done very careful checking in this case, since we met in person and verified physical photo ID's. ]
2. Send The Signed Keys Back Up To The Designated Keyserver
gpg --keyserver pgp.mit.edu --send-key <Key_ID>
Finally, once everyone has signed everyone else's keys and sent them to the keyserver, you will want to download the signed versions once more from the keyserver. You can do this at any time without fear of overwritting keys--GnuPG will always merge the changes into your local keyring (--recv-keys) or the remote keyserver (--send-keys) as necessary.
3. Download the Signed Keys from The Designated Keyserver
gpg --keyserver pgp.mit.edu --recv-key <Key_ID>
It is a good idea to periodically re-download keys to receive new signatures, learn of revoked keys, etc. You can tell a signature was added by the output of --recv-keys. You can list key signatures with:
gpg --list-sigs [<Key_ID>]
where <Key_ID> is optional.
You may notice some keys signed by unknown user ids. If you receive those keys from the keyserver(s) you can build your Web Of Trust to include people you don't know. This gets into how much you trust people with whom you have verified keys directly to sign *other* people's keys properly/securely. More on this later....
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
I got as far as 'Really sign?' and then it didn't like my passphrase. I did gpg --fingerprint It seems that I already have a key that I allegedly made in December 2003. I don't remember doing this, and I don't understand how I could have done it without going through the procedure that we all just used this week. When I do gpg --list-sigs, my new key is listed as revoked. Did I screw up on following the first set of directions? I tried putting the new key ID in the default key line of my options file, and when I try to sign someone's key, I get the message gpg: no default secret key: unusable secret key Any suggestions on what to do? Thanks Greg Avedissian Charles R. Anderson wrote:
To complete the PGP Keysigning process:
1. Sign All The Verified IDs On The Verified Keys
gpg --keyserver pgp.mit.edu --recv-keys <Key_ID> gpg --sign-key <Key_ID>
[ Verify the fingerprint against your sheet. You probably want to select (3) I have done very careful checking in this case, since we met in person and verified physical photo ID's. ]
2. Send The Signed Keys Back Up To The Designated Keyserver
gpg --keyserver pgp.mit.edu --send-key <Key_ID>
Finally, once everyone has signed everyone else's keys and sent them to the keyserver, you will want to download the signed versions once more from the keyserver. You can do this at any time without fear of overwritting keys--GnuPG will always merge the changes into your local keyring (--recv-keys) or the remote keyserver (--send-keys) as necessary.
3. Download the Signed Keys from The Designated Keyserver
gpg --keyserver pgp.mit.edu --recv-key <Key_ID>
It is a good idea to periodically re-download keys to receive new signatures, learn of revoked keys, etc. You can tell a signature was added by the output of --recv-keys. You can list key signatures with:
gpg --list-sigs [<Key_ID>]
where <Key_ID> is optional.
You may notice some keys signed by unknown user ids. If you receive those keys from the keyserver(s) you can build your Web Of Trust to include people you don't know. This gets into how much you trust people with whom you have verified keys directly to sign *other* people's keys properly/securely. More on this later....
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
On Fri, Apr 23, 2004 at 05:39:38PM -0400, gma2004@verizon.net wrote:
I did gpg --fingerprint
When I do gpg --list-sigs, my new key is listed as revoked. Did I screw up on following the first set of directions?
It depends. Did you do something like "gpg --import revoke.asc" ? If so, you revoked your public key. The last version of your key that I saw on the keyserver isn't revoked, so ... You could, in theory, go in, delete your public key from your keyring, then do a recv-key to download the non-revoked one. more info on revoking in: http://www.hackdiary.com/archives/000042.html, http://www.gnupg.org/(en)/documentation/faqs.html#q4.17 -- Randomly Generated Tagline: "At least it had heated rear windows--so your hands would stay warm while you pushed." - Unknown about the Yugo
Theo, Thanks. No, I didn't import revoke.asc, and your suggestion worked. Next step is to figure out encryption. Greg Theo Van Dinter wrote:
On Fri, Apr 23, 2004 at 05:39:38PM -0400, gma2004@verizon.net wrote:
I did gpg --fingerprint
When I do gpg --list-sigs, my new key is listed as revoked. Did I screw up on following the first set of directions?
It depends. Did you do something like "gpg --import revoke.asc" ? If so, you revoked your public key. The last version of your key that I saw on the keyserver isn't revoked, so ... You could, in theory, go in, delete your public key from your keyring, then do a recv-key to download the non-revoked one.
more info on revoking in: http://www.hackdiary.com/archives/000042.html, http://www.gnupg.org/(en)/documentation/faqs.html#q4.17
I got as far as 'Really sign?' and then it didn't like my passphrase.
I did gpg --fingerprint
It seems that I already have a key that I allegedly made in December
OK, I guess that older key is really mine. I was able to change the password, but I'm still not sure about how to handle this. If I do use this older key, how do I change the email address on it? Is adduser the correct command for this? Would it make more sense to revoke that one and make a new one? Greg gma2004@verizon.net wrote: 2003. I don't remember doing this, and I don't understand how I could have done it without going through the procedure that we all just used this week.
When I do gpg --list-sigs, my new key is listed as revoked. Did I
screw up on following the first set of directions?
I tried putting the new key ID in the default key line of my options
file, and when I try to sign someone's key, I get the message
gpg: no default secret key: unusable secret key
Any suggestions on what to do?
Thanks
Greg Avedissian
participants (4)
-
Andy Stewart -
Charles R. Anderson -
gma2004@verizon.net -
Theo Van Dinter