keysigning at CLUG again
Drake Diedrich
dld at coyote.com.au
Wed Aug 22 00:32:42 EST 2001
Well, I'm still at 8000-something out of ~10,000 in the strongly
connected set, but the set grew by 5% last month, so I guess it's progress.
To repeat last month's instructions to prepare for a key signing session at
CLUG:
In Summary:

    gpg --gen-key
    gpg --keyserver wwwkeys.au.pgp.net --send-keys {key-id}
    gpg --fingerprint {key-id} | CLUG
    gpg --keyserver wwwkeys.au.pgp.net --recv-keys {key-id} {key-id} ...
    gpg --edit {key-id}
        fpr
        sign
        save
    gpg --keyserver wwwkeys.au.pgp.net --send-keys {key-id} {key-id} ...

In Full form:
1) Generate a key on your own (private, secure) system.

    gpg --gen-key

(gpg automatically self-signs keys; if using PGP 2.6.3 you'll
need to add this step)
(You may have multiple identities (email addresses) on the same key,
but people individually sign the identities-with-key, so be polite
and keep the number to a minimum, preferably only slowly changing
addresses.)

2) Upload your public key to the public keyservers

    gpg --keyserver wwwkeys.au.pgp.net --send-key {key-id}

({key-id} is the ID number or some other distinctive feature of your
key, like the email address you typed in during key generation)
(the truly paranoid keep their private keys only on offline machines,
but if you were this paranoid you've already read the real docs)

3) Print out a bunch of copies of your public key fingerprint

    gpg --fingerprint {key-id}

4) Go to CLUG, bringing copies of your fingerprint. No need to bring a
computer.
Walk around looking for other people with papers, business cards,
passports, and driver's licenses in their hands. Introduce yourself,
exchange fingerprint cards, and temporarily exchange photo ID. Verify that
the name on the photo ID is the name on the fingerprint. Make a note to
yourself that you've verified this, return the photo ID, and put the
fingerprint card in your pocket. {Note, remember not to wash pants before
removing fingerprint notes}

5) At home, dig out all fingerprints. Pull down all of the public keys from
the keyserver.

    gpg --keyserver wwwkeys.au.pgp.net --recv-key {key-id} {key-id} ...

Now, this is the whole point of the entire exercise:

VERIFY THAT THE KEY FROM THE KEYSERVER HAS THE SAME FINGERPRINT AS THE ONE
YOU RECEIVED IN PERSON.

Sign the public key.

    gpg --edit {key-id}
        fpr
        sign
        save

If you lose the fingerprint cards, don't sign the key. You've just
wasted an evening. ( I've done this twice at conferences now..)

6) Upload the signed key to a public keyserver (they merge signatures, so no
worry about overwriting each other).

    gpg --send-keys {key-id} {key-id} {key-id} ...

To save typing and bandwidth, a few useful additions to your .gnupg/options:

    default-key 0xWHATEVER
    load-extension idea
    keyserver wwwkeys.au.pgp.net
    honor-http-proxy

And then, not only can you sign messages, but other CLUG members might
be able to verify them!
-Drake
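
An added example, not part of the original post: a shell helper for the fingerprint comparison in step 5. It checks a fingerprint typed in from a paper card against the primary-key fingerprint in gpg's colon-format listing. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). SAMPLE_LISTING is constructed;
# in real use pass "$(gpg --with-colons --fingerprint {key-id})" instead.

SAMPLE_LISTING='pub:-:1024:17:0123456789ABCDEF:2001-08-01:::-:Example User <user@example.invalid>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:2048:16:3333222211110000:2001-08-01::::::e:
fpr:::::::::9999888877776666555544443333222211110000:'

# normalize_fpr: drop the spaces and colons people write on cards and
# uppercase the hex digits, so formatting differences do not matter.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'abcdef' 'ABCDEF'
}

# primary_fpr: read a colon-format listing on stdin and print field 10 of
# the first "fpr" record. That record belongs to the primary key; any later
# fpr records are subkey fingerprints and must not be compared.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches CARD LISTING
#   returns 0 if the card fingerprint equals the fetched primary fingerprint
#   returns 1 on any mismatch (do not sign)
#   returns 2 if CARD is not a full fingerprint, e.g. a short key ID
fpr_matches() {
    card=$(normalize_fpr "$1")
    fetched=$(printf '%s\n' "$2" | primary_fpr)
    case "$card" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    # 32 hex digits is an old PGP 2.x fingerprint, 40 a v4 fingerprint.
    [ "${#card}" -ge 32 ] || return 2
    [ "$card" = "$fetched" ]
}
```

A non-zero return from fpr_matches means the key should not be signed; a return of 2 means only a key ID was supplied, which is not enough to identify a key.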