[Swlug] Meeting << Cardiff >> this Tuesday - keysigning party!

Mark Einon mark.einon at linux.com
Mon Jun 9 19:18:46 UTC 2014 

Hi,

If you still haven't got yourself a PGP key for tomorrow's keysigning party,
here's a quick guide to getting one (although not the _most_ secure!):

* Install gpg (that's gpg, for 'GNU Privacy Guard', not pgp!) from your distro's repo.
* Generate your gnupg keys

bash$ gpg --gen-key

* Select the key types you want - The default is good.

Please select what kind of key you want:

   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? <return>

* Select your key size: 4096

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096<return>
Requested keysize is 4096 bits

* Set the lifetime of this key: 5 years is good

Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y<return>
Key expires at Fri Nov  5 00:19:43 EST 2014
Is this correct (y/n)? y<return>

* Enter your name and email address(es)...

Real name: Demo User<return>
Email address: demo at nonexistent.nowhere<return>
Comment:
You selected this USER-ID:
    "Demo User <demo at nonexistent.nowhere>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?  O<return>

* Choose a pass phrase. It should be something you won't forget. If you forget
 your pass phrase, you cannot recover your key.

* Move the mouse and hit some keys maybe update locate in the background or run
 a big find. GPG is reading from /dev/random to get some randomness for your
 key generation. /dev/random is populated in part by the interrupts happening
 on your computer.

That's it! You should now have a GPG key.

* Send your key to the keyserver:

bash$ gpg --keyserver keyserver.ubuntu.com --send-key <Your_Key_ID>

* Print out the information that you need to bring along to the party:

bash$ gpg --fingerprint  <Your_Key_ID>

Hope to see you there!

Cheers,

Mark

On Thu, Jun 05, 2014 at 10:44:45PM +0100, Mark Einon wrote:
> On Thu, Jun 05, 2014 at 08:16:14AM +0100, gedge-l-swlug at yadn.org wrote:
> > ---- REMINDER
> > 
> > The next SWLUG meeting in Cardiff
> > will be held on Tuesday (10/June/2014)
> > from around 7pm.
> > 
> > Please check the web site - http://swlug.org - for any details/updates
> > (or http://twitter.com/SWLUG).
> 
> I'll be there in www.thecityarmscardiff.com from 7ish.
> 
> To make the event a bit more useful, there will also be an 'informal'
> PGP keysigning party. In order to participate, you'll need a PGP key.
> Details on how to get one, if you haven't got one already, and more
> keysigning information can be found at:
> 
> http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
> 
> Some keyservers to use to upload your public keys are:
> 
> http://keyserver.ubuntu.com/
> http://pgp.mit.edu/
> 
> -----
> 
> What's a key-signing party?
> 
> A key-signing party is a get-together with PGP users for the purpose
> of meeting other PGP users and signing each other's keys. This helps
> to extend the "web of trust" to a great degree. Also, it sometimes
> serves as a forum to discuss strong cryptography and related issues.
> 
> Required Items?
> 
>         1. Physical attendance
>         2. Government-issued picture ID
>         3. Your key ID, key type, HEX fingerprint, and key size
>         4. A pen/pencil or whatever you'd like to write with....
>         5. NO computer
> 
> Why should I use PGP?
> 
> You should use PGP, if you need (or want) to protect your personal
> emails from being read by individuals or entities other than your
> intended recipient(s). PGP, when used correctly, can provide message
> privacy, message integrity, message authentication, and to some
> degree non-repudibility.
> 
> OK. What are some good applications of PGP?
> 
> Protection of email traffic of a sensitive nature, such as the
> coordination of response to ongoing security incidents, requests
> for DNS modifications, requests for networking changes and exchange
> of sensitive personal information like SSNs. At the very least, it
> would be useful to have all such messages signed, so the recipients
> could be sure that the notes were not forged.
> 
> Cheers,
> 
> Mark
> 
> _______________________________________________
> Swlug mailing list
> Swlug at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/swlug

More information about the Swlug mailing list