After last month's THREE super GPG/Crypto-Filesystems presentations, we're picking up where we left off and holding a keysigning party! :) We only do these every few years, so you might not get this chance again.
Although the meeting is a ways off (~2 weeks as of this writing), there are some
preparations that YOU need to take care of NOW on your home Linux/UN*X/Windowz
machine(s) before you can even participate in this next meeting's keysigning event! So
don't come to the next XCSSA meeting expecting to get your GPG key signed without
first following the steps below!
PREPARE FOR KEYSIGNING NOW:
(Must Read These Steps)
To prepare for the keysigning party, each of you who want your own signed keys
(for email, digital signatures, file encryption, etc) must first do the
following NOW:
Step#1 Make your key pair (public and private):
NOTE: Skip this step if you already have a GPG keypair.
You can create your key pair either with the KDE app KGPG or from the
command line with gpg. From the command line, it will look something like this:
$ gpg --gen-key
...
Suggestions when making your keypair:
print out your name/key-info/key-fingerprint (see further down in Step#3)
use DSA/El-Gamal keys
make the El-Gamal key 4096 bits long
make the lifetime 5 years unless you attend lots of keysignings
also create a revocation certificate and save it in a safe place (separate from your keys)
remember your key pair's passphrase, but never write it down anywhere
WARNING: Never forget the passphrase that you use to create your key pair.
This is needed for you to be able to actually USE your GPG based apps later.
Step#2 Armor & Email your public key to the Key-signing party coordinators:
Export your public key with gpg to an ascii armored file like this:
$ gpg --armor --export your@email.com > my-pub-key.asc
or from the kgpg GUI client:
Right click on your keypair
Click "Export Public Key(s)"
It will save your pub-key out to an .asc (text) file.
Send an email to: keysign@xcssa.org with the public key that you made,
attached as an .asc (ascii armor) file.
The "keysign@xcssa.org" address will go to both myself and Richard
D. and we will use it to build a "participant list" that we will
print out and hand out to each participant at the party.
Step#3 Bring Yourself, Fingerprint Printout & ID to Keysigning Party to Get Validated & Signed:
Show up at the XCSSA sponsored keysigning party on March 17th and
bring with you:
Two forms of picture ID (a driver's license and passport are good Key ID)
NOTE: DO NOT bring a SSN card, or other personally sensitive documents!
Your Key Info & Fingerprint Printed on Paper:
Bring a single sheet of paper printed out listing your key type, size,
and Hex Fingerprint Info. For Example:
Thomas W. Weeks
DSA/El-Gamal/4096bit
5A27 DABA EEBC 63A5 2A46 0D78 2757 662F 7501 52F1
NOTE: It is critical that you bring the info above printed out, or you
will not be able to participate!
A Pen/Pencil (to check off everyone's key-fingerprints)
DO NOT bring a computer
WHAT TO EXPECT AT THE KEY SIGNING MEETING:
You should each have brought a printout of your
Name/Type/Fingerprint info with you. It and your photo ID are what allow us
all to verify you and your key physically. If you don't bring your key-fingerprint
printout with you, you can't participate and get signed with the rest of us.
Please don't forget.
As we get started (after we order pizza of course) Richard and I will give
each of you a printout of all the expected participants, listing their name,
key info and key-fingerprint. This handout is created from the actual keys
that you each emailed to Richard and me (via keysign@xcssa.org). So before we
get started, each of you will have a name/fingerprint participant list in
hand, your own Name/Key-Info/Fingerprint sheet that you brought with you to
show to others, as well as your two forms of photo ID. We will then have each
participant read aloud, to the group, the printed name & key-fingerprint that
they brought with them. This will not only function as a roll-call, but will
allow us to each check off the "Verbal F.Print Check" box next to each
person's name/fingerprint on our participant sheet(s).
After all participants are verbal key-fingerprint verified, the participants
and coordinators will form a long single file line while holding their IDs in
front of them. The person at the head of the line walks down the line and
checks each person's ID. If the ID is correct and the person walking down
the line already has a check mark next to that individual's key-fingerprint
(verifying that they had said it was their key at the beginning of the
party), he places a second check mark on his list, in the "ID Check" box next
to their name/fingerprint. Once a key has two check marks it can be signed by each
participant later from home. This process allows everyone to verify everyone
in a semi-orderly fashion.
KEY UPLOADING AND SIGNING:
After the keysigning party, Richard and I will both return home, sign each of
your keys, upload them to the major key servers on the net, and let you know
once that is complete so that you can each go down your list and sign each participant's key
using your GPG app of choice (e.g. gpg, KGPG, etc). After this, our web of trust is formed.
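Added example, not part of the original announcement: one way to do the at-home signing step so that a key is signed only when the fingerprint in your keyring matches the one you checked off twice on your participant sheet. The function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a key against your checked-off sheet before signing it.

# Reduce a fingerprint as printed on paper ("5A27 DABA ...") to bare uppercase hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key's fingerprint: the first "fpr" record, field 10.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only on a full 40-hex-digit match (the length of the fingerprint on
# the sample printout in Step#3); a short key ID is never accepted.
fpr_matches() {   # $1 = colon listing, $2 = fingerprint from the sheet
    got=$(printf '%s\n' "$1" | primary_fpr)
    want=$(normalize_fpr "$2")
    case "$want" in
        ""|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#want}" -eq 40 ] && [ "$got" = "$want" ]
}

# Hypothetical wrapper: sign only when the keyring copy matches the paper copy.
sign_if_verified() {   # $1 = key ID or email, $2 = fingerprint from the sheet
    listing=$(gpg --with-colons --fingerprint "$1") || return 2
    if fpr_matches "$listing" "$2"; then
        gpg --sign-key "$1"
    else
        echo "fingerprint mismatch for $1: do NOT sign" >&2
        return 1
    fi
}

# Constructed sample listing (timestamps invented; the fingerprint is the one
# from the example printout in Step#3).
SAMPLE_LISTING='pub:-:1024:17:2757662F750152F1:1110000000:::-:::scESC:
fpr:::::::::5A27DABAEEBC63A52A460D782757662F750152F1:
uid:-::::1110000000::::Thomas W. Weeks:'

if fpr_matches "$SAMPLE_LISTING" "5A27 DABA EEBC 63A5 2A46 0D78 2757 662F 7501 52F1"
then echo "sample: fingerprint matches sheet"; fi
```

At home you would call sign_if_verified once per checked-off line of your sheet, passing the fingerprint exactly as printed there.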
LATER, APPS TO CONFIGURE AT HOME:
After you get your key signed, you will want to configure apps such as KMail,
Thunderbird, KGPG and your system to USE said key(s). It's pretty
straightforward. Just email the list here if you have any questions or comments.
Okay... so to prepare, get started with Steps #1-3 above, and we'll see you at the meeting!