PGP keysigning party instructions
Updated: Maybe you should not generate a key with the default settings. See Step 1 below.
The September 2010 meeting will feature a keysigning party.
Chris Frey (cdfrey at the domain foursquare dot net) is the KeyMaster for this party. As part of the process, you will e-mail him your key.
Here are his instructions for getting started, with some e-mail address obfuscation:
- Generate new key:
gpg --gen-key
(Accept the defaults, they are pretty good)
Update: Denver Gingerich notes that one of the algorithms used in the defaults (SHA-1) has vulnerabilities. Although these vulnerabilities have not resulted in exploits yet, if you are generating a new key you may want to use less vulnerable settings. Denver suggests:
  - Generate an RSA key
  - Make it 4096 bits long
- Look at your shiny new key:
gpg --list-keys
- Export it to a file:
gpg --armor --output /tmp/my-public-key --export ID
Replace ID with the first ID of your key. For example,
my key looks like this in the --list-keys display:
pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]
uid Chris Frey (cube)
sub 4096g/C2855553 2006-12-02 [expires: 2011-12-01]
So my ID is DC6371D5.
- Email the file my-public-key to me. (i.e. to Chris)
- Show up on September 13, with your fingerprint printed out on a sheet of paper, and ready to read it out loud.
gpg --fingerprint ID
Example:
gpg --fingerprint dc6371d5
pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]
Key fingerprint = 7D71 47F2 3F61 B0E1 5F3C 68A4 819A 39D8 DC63 71D5
uid Chris Frey (cube)
sub 4096g/C2855553 2006-12-02 [expires: 2011-12-01]
At the meeting you will have to read your fingerprint and have others vouch for your identity. Some people do this via government ID; other people think this is not sufficient.
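For the meeting step above, one way to check a fingerprint that was read aloud against the key you actually received. This is an added example, not part of Chris's instructions: the function names are hypothetical, and the parser assumes the `gpg --fingerprint` listing format shown on this page.

```shell
#!/bin/sh
# Added example: names are hypothetical; listing format is the one on this page.

# Drop spaces and colons and uppercase, so "7d71 47f2" equals "7D7147F2".
norm_hex() {
    printf '%s' "$1" | tr -d ' \t\r\n:' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --fingerprint ID` output on stdin, print the first fingerprint.
fpr_from_listing() {
    sed -n 's/^[[:space:]]*Key fingerprint = //p' | head -n 1
}

# check_key ID SPOKEN_FINGERPRINT   (listing on stdin)
# 0 = fingerprints match, 1 = mismatch, 2 = listing or ID unusable.
check_key() {
    id=$(norm_hex "$1")
    spoken=$(norm_hex "$2")
    listed=$(norm_hex "$(fpr_from_listing)")
    case "$listed" in
        ''|*[!0-9A-F]*) echo "no usable fingerprint in listing" >&2; return 2 ;;
    esac
    # Assumption: 40 hex digits, as in the fingerprint shown on this page.
    [ "${#listed}" -eq 40 ] || { echo "unexpected fingerprint length" >&2; return 2; }
    [ "${#id}" -ge 8 ] || { echo "key ID too short" >&2; return 2; }
    # What was read aloud must equal the key you actually hold.
    [ "$listed" = "$spoken" ] || { echo "MISMATCH: do not sign" >&2; return 1; }
    # The key ID is the tail of the fingerprint (DC63 71D5 in the sample).
    case "$listed" in
        *"$id") return 0 ;;
        *) echo "ID does not belong to this fingerprint" >&2; return 1 ;;
    esac
}

# Constructed sample: the listing printed on this page.
SAMPLE_LISTING='pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]
Key fingerprint = 7D71 47F2 3F61 B0E1 5F3C 68A4 819A 39D8 DC63 71D5
uid Chris Frey (cube)
sub 4096g/C2855553 2006-12-02 [expires: 2011-12-01]'

if printf '%s\n' "$SAMPLE_LISTING" |
    check_key dc6371d5 '7D71 47F2 3F61 B0E1 5F3C 68A4 819A 39D8 DC63 71D5'
then echo "fingerprint matches"
fi
```

With a real keyring, pipe `gpg --fingerprint ID` into `check_key ID 'fingerprint as read out'`. A listing in any other format makes it return 2 rather than pass.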