LibrePlanet: Conference/2010/Schedule/Saturday/GNU Privacy Guard Keysigning Party

m
Line 26: Line 26:
 
* After all the fingerprints have been verified we'll form a line to check identification.  If you are satisfied that the person owning the key is who they claim place a second tick mark by their fingerprint.
 
* After all the fingerprints have been verified we'll form a line to check identification.  If you are satisfied that the person owning the key is who they claim place a second tick mark by their fingerprint.
  
=== What need you need to do after the keysigning party ===
+
=== What you need to do after the keysigning party ===
  
 
* When you return home retrieve the public key from a key server or have the key emailed to you and verify each public key against your hard copy.
 
* When you return home retrieve the public key from a key server or have the key emailed to you and verify each public key against your hard copy.

Revision as of 12:10, 15 March 2010

Please remember that this event is focused on free software, not open source. We have a set of guidelines for speakers, but we ask everyone to be mindful of the power of words and the importance of framing the issues being discussed and worked on in the best possible terms.


Keysigning Party

A keysigning party is a good way to add credibility to your public GPG key and is an opportunity to extend the "web of trust." We'll be using the "Sassaman-Efficient" method as listed under Resources below. I'll list just the items you need to prepare as a participant. Please consult the references for full details.

If you don't yet have a GPG/PGP key, it's easy to create one, even at the command line. If you already have a key but, like me, you created it some time ago, the keysigning party is a good opportunity to create a new, stronger key.

What you need to do before coming to the keysigning party

  • Generate a GPG key if you don't already have one. You can easily create it using the references below. Graphical tools are available, and it is just as easy from the command line:
   gpg --gen-key
  • Email your public key to User:Dennisk. You can generate an ASCII file suitable for mailing easily from the command line. Here's how the command for exporting my public key would look:
   gpg --armor -o dennisk.asc --export dennisk

Of course, you'll use your key name instead.

  • When I receive your public key I'll create a page on my website named LibrePlanet2010Keysigning.html that has the keys of all the participants. The file will have both an MD5 and a SHA-1 hash that you can verify like this:
   gpg --print-md md5 LibrePlanet2010Keysigning.html
   gpg --print-md sha1 LibrePlanet2010Keysigning.html

Please email me your public key by Wednesday evening 7pm Arizona time (-07 hrs UTC) so I can upload the page before I leave for Boston on Thursday morning.

What we'll do during the keysigning party

  • Bring a hard copy of the key list and (preferably) two government-issued IDs to verify your identity to the other participants.
  • Check that your fingerprint is correct in the key list and be prepared to state so publicly.
  • As each fingerprint is publicly verified by its owner, place a tick mark next to it.
  • After all the fingerprints have been verified we'll form a line to check identification. If you are satisfied that the person owning the key is who they claim to be, place a second tick mark by their fingerprint.

What you need to do after the keysigning party

  • When you return home, retrieve each public key from a key server or have it emailed to you, and verify each public key against your hard copy.
  • Sign the keys that match and email each signed key to its owner, who will import it into his keyring.
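
The after-party steps above can be scripted so that a key is signed only when its fingerprint matches the one ticked on the hard copy. This is an added example, not part of the original page: the function names and the sample listing are constructed, and it assumes gpg's machine-readable `--with-colons` output and your configured default key server.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint KEYID` output
# (not a real key); the second "fpr" record belongs to the subkey.
SAMPLE_LISTING='pub:-:4096:1:0123456789ABCDEF:1268000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1268000000::::Constructed User <user@example.org>:
sub:-:4096:1:1111222233334444:1268000000::::::e:
fpr:::::::::9999888877776666555544443333222211110000:'

# Normalise a fingerprint as printed on paper: drop spaces, upper-case hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read a colon listing on stdin and print the primary key fingerprint,
# i.e. field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1 } seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if the listing on stdin matches the hard-copy fingerprint $1.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# Full flow for one key (needs gpg, network access and your secret key).
# usage: verify_and_sign KEYID "FINGERPRINT AS PRINTED ON THE HARD COPY"
verify_and_sign() {
    gpg --recv-keys "$1" || return 1
    if gpg --with-colons --fingerprint "$1" | fpr_matches "$2"; then
        gpg --sign-key "$1" &&
        gpg --armor -o "$1.signed.asc" --export "$1"
    else
        echo "fingerprint mismatch for $1: do not sign" >&2
        return 1
    fi
}
```

Comparing against the primary key's fingerprint only means a subkey fingerprint, or a different key that happens to share the short key ID, does not pass the check.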

Resources

  1. Keysigning Party Methods -- The 'Sassaman-Efficient' Method
  2. Web of Trust
  3. PGP -- Pretty Good Privacy
  4. GNU Privacy Guard
  5. MIT PGP Public Key Server
  6. GnuPG Documentation