[Wolves] GnuPG Keysigning

Ron Wellsted ron at wellsted.org.uk
Fri Aug 17 19:59:49 BST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Fox wrote:
> Evenin' All!
> 
> Just wanted to say thanks to Ron for his talk on GPG yesterday evening;
> I've decided to follow his lead and start signing all my outgoing mail too.
> 
> For those who missed Ron's talk, getting it set up really is a piece of
> cake. Will anyone else be bringing their key - and photo ID! - to the
> next LUG meeting?
> 
> Chris

The protocol for keysigning I propose we follow is:

Before the event:
1/ Generate your key pair
2/ Upload your public key to one of the regular key servers
(pgp.mit.edu, random.sks.keyserver.penguin.de or subkeys.pgp.net)
3/ Download/install signing-party (sudo apt-get install signing-party)
4/ run "gpg-key2ps -p a4 yourkeyid", print out the page and cut into strips.

At the event bring:
1/ Yourself (very important!)
2/ All the little slips of paper with your key info
3/ some current government Photo ID (passport of photo driving license)
4/ a pen.

At the keysigning exchange slips with people and verify that the name on
the slip matches that on the ID and satisfy yourself that the photo
matches the person presenting the ID.  If happy, initial the back of the
slip that they gave you.

After the event, for each initialled slip:
1/ Download the key using the key ID.
2/ Sign the key with your key
3/ upload the signed key back to the keyserver.
4/ optionally, mark the key as "trusted"

If really paranoid (well, more paranoid than me), send the other person
an email encrypted with their public key and wait for a suitable
acknowledgement (encrypted with your public key) back from them before
signing.

- --
Ron Wellsted
ron at wellsted.org.uk http://www.wellsted.org.uk
N 52.567623, W 2.136111 Linux Counter No. 202120
Ekiga: 645022
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRsXwHktP/KMNOfRbAQJOdQf9HCx49jdU4TiLyVp7bvpbQvwSh4x4q9SJ
CZ0E3xyePvuxjFo5d0iWP8AX4GhncDtbPADbW/MNzcS68ZKw60iN93Onn/w9UMFi
NjFFlRrS9n4iJmNXyT+0UlTzXr9dKfr2/0m4tEIbtHoEnRYZDqxlws5HCvPDJuwH
tfiNFTB4GEojSB2rMZxwnYtH4s0psT9UPVrrcE+OQE2VvNr473Gw1J7Tdfr3y3rg
3iCaNb6KLSm00i9huEsxNUb6nHol/IvS/BeEjgG6CuYOZ1KE2l8gOPl3EEY1fKrI
KjQ0fv5BQASbFx55sRfpwea+WcRl5RypWMd3R6hGhbetAZ/tyM89Nw==
=FVAR
-----END PGP SIGNATURE-----

More information about the Wolves mailing list