It looks like this month we are going to pick up where we left off with last
month's PGP/GPG encryption/digital signatures presentation by Richard Davey,
and actually have our first keysigning party!
and there was much rejoicing...
yay... ;)
I know that the meeting is a ways off (~3 weeks), however there are some
preparations that YOU need to take care of NOW on your home
Linux/UN*X/Windowz machine(s) before you can even participate this month! So
don't come November expecting to get your shiny new GPG key signed without
first following the steps below!
PREPARE FOR KEYSIGNING NOW:
(Must Read These Steps)
To prepare for the keysigning party, each of you who want your own signed keys
(for email, digital signatures, file encryption, etc) must first do the
following NOW:
Step#1 Make your key pair (public and private):
You can do with the KDE app KGPG or via the command line via opengpg.
Suggestions when making your keypair:
-use DSA/El-Gamal keys
-make the El-Gamal key 4096 bits long
-make the lifetime 5 years unless you attend lots of keysigning
-remember (don't write down) your key pair's passphrase.
WARNING: Never forget the passphrase that you use to create your key pair.
This is needed for you to be able to actually USE your GPG based apps later.
-print out your name/key-info/key-fingerprint (see further down in Step#3)
Step#2 Email your public key to the Key-signing party coordinators:
Export your public key with gpg to an ascii armored file like this:
$ gpg --armor --export your@email.com > my-pub-key.asc
or from the kgpg GUI client:
Right click on your keypair
Click "Export Public Key(s)"
it will save your pub-key out to an .asc (test) file.
Send an email to: keysign@xcssa.org
with your public key you made
attached as an .asc (ascii armor) attached file.
The "keysign@xcssa.org" address will go to both myself and Richard
Davey so and we will use it to build a "participant list" that we will
hand out to everyone at the party.
Step#3 Come to Keysigning Party to Get Validated & Signed:
Show up at the XCSSA sponsored keysigning party on Nov. 21st and
bring with you:
-Two forms of picture ID (a driver's license and passport are good Key ID)
-Your Key Info & Fingerprint Printed on Paper:
Bring a single sheet of paper printed out listing your key type, size,
and Hex Fingerprint Info. For Example:
Thomas W. Weeks
DSA/El-Gamal/4096bit
5A27 DABA EEBC 63A5 2A46 0D78 2757 662F 7501 52F1
NOTE: It is critical that you bring the info above, or you will not
be able to participate!
-A Pen/Pencil (to check off everyone's key-fingerprints)
-DO NOT bring a computer
WHAT TO EXPECT AT THE KEY SIGNING MEETING:
You should each have brought WITH you a print out of your
Name/Type/Fingerprint info with you. It and your photo ID is what allows us
all to verify you and your key. If you don't bring your key-fingerprint
printout with you, you can't participate and get signed with the rest of us.
Please don't forget.
As we get started (after we order pizza of course) Richard and I will give
each of you print outs of all the expected participants listing their name,
key info and key-fingerprint. This is based on each participant's actual
keys that you each emailed to Richard and I (via keysign@xcssa.org). So
before we get started, each of you will have a name/fingerprint participant
list in hand, and your own Name/Key-Info/Fingerprint sheet that you brought
with you. We will then go around and each verbally read aloud, to the group,
each of our printed name & key-fingerprint that we each brought with us. The
rest of the group will "check off" your fingerprint on their participant
sheet.
After all participants are verbal key-fingerprint verified, the participants
and coordinators will form a long single file line while holding their IDs in
front of them. The person at the head of the line walks down the line and
checks each person's ID. If their ID is correct and the person walking down
the line has a check next to the individual in the line's key-fingerprint
(verifying that they had said it was their key at the beginning of the
party), he places a second check mark on his list next to their
name/fingerprint. Once a key has two check marks it can be signed by each
participant later at home. This process allows everyone to verify everyone
in a semi-orderly fashion.
KEY UPLOADING AND SIGNING:
After the keysigning party, Richard and I will both return home, sign and
upload each of your keys to the major key servers on the net and let you know
so that you can each now go down your list and sign each participant's key
using your GPG app of choice (e.g. opengpg, kpgp, etc). After this, our web
of trust is formed.
LATER, APPS TO CONFIGURE AT HOME:
After you get your key signed, you will want to configure apps such as KMail,
Thunderbird, KGPG and your system to USE said key(s). It's pretty straight
forward. Just email the list here if you have any questions or comments.
Okay... so to prepare.. get started with Step#1-3 above, and we'll see you on
the 21st!
All of this info is archived on the XCSSA mail list here.