[SLUG] GPG key signing party

Stephen O'Neill squid at thefloatingfrog.co.uk
Fri Mar 14 16:09:11 GMT 2008


David Knight wrote:
> I generated a key (didn't bother with a passphrase) for me. 


Obviously no pass phrase is fine for testing, but not good for production.


> I can 
> now successfully send myself encrypted messages! 

Yay! If you upload your public key to a keyserver (Enigmail automates 
this for you) then you could sign your mails to this list and we can 
verify you after downloading your key.

You could then follow the key signing instructions on Ryedale's howto 
page and hop along to the meeting in April to get yourself going on the 
'web of trust'.


> The next question is do 
> I need to generate a certificate for every member of the company? 


Erm, yeah - you do really. I guess you could have a single corporate key 
that everyone uses, but I don't think that's a good idea as the private 
key would be getting spread around and lots of people would know the 
passphrase etc ... I'm hoping more experienced GnuPG'ers will chip in 
here :)


> How do 
> I share these certificates. Surely emailing them out will invalidate 
> their security?


Stick them on a pen drive, copy them to the target machine(s) I would say...

I have no idea to be honest how GPG works on a corporate scale. The 
point seems to be about identifying individuals, the fact that someone 
belongs to a corporation is kind of accidental. I imagine that people 
may use different keys for different purposes - e.g. you may have a 
personal key with all your personal email identities and then another 
key for work which is 'issued' to you by your employer. You and your 
employer know the passphrase, your employer has a revocation certificate 
so that when you leave the company they can revoke that key to prevent 
you doing bad things.

-- 
Stephen O'Neill
w: http://www.thefloatingfrog.co.uk/
e: squid at thefloatingfrog.co.uk
