[kwlug-disc] Anyone interesting in going a GPG key signing?

Bob Jonkman bjonkman at sobac.com
Sat Nov 2 01:25:39 EDT 2013


Hi everyone: As Andrew suggested, I'd like to have an informal
keysigning at each KWLUG meeting.

On 13-10-06 04:55 PM, Andrew Sullivan Cant wrote[1]:
> So I was figuring on either doing a key signing at a KWLUG event
> periodically, or even just doing it as part of the regular night.

We did this last month. Informal key signings are great for people who
already know each other and want to associate keyIDs with each other.

The informal keysigning consists of exchanging key fingerprints on slips
of paper generated with

  gpg --fingerprint 0xYOURKEYID

(and then copy'n'pasted several times on a page, printed, and cut into
strips)

or you could use

  gpg-key2ps 0xYOURKEYID > fingerprints.ps

(and then print fingerprint.ps and cut into strips)


For people who don't know each other well enough to trust exchanged
slips of paper there's a Formal Keysigning, which we'll be having at the
meeting on 2 December 2013.  Stay tuned here over the next month as I
spam the list with keysigning details.

If you want a bit of an advance on GnuPG/PGP information, the UofW
CSClub is having Hands On Seminar on Public Key Cryptography.  More info
on that meeting is at

http://csclub.uwaterloo.ca/events/MC_3001_%28Comfy%29-2013-11-05-6:00PM

See you all on Monday!

--Bob.


On 13-10-06 10:54 PM, Bob Jonkman wrote:
> I'll bring my sheet of GnuPG/PGP information[1]. It's a handy way for
> people to associate a key ID with a person.
> 
> I expect this will be an informal keysigning event, meaning there won't
> be a keysigning party signing key[2] and a keyring of all participants,
> and no formal declarations and introductions like this:
> 
>  Bob: "I'm Bob Jonkman, and my keyID is Delta Two Charlie Charlie Echo
> Five Echo Alpha"
> 
>  Andrew: "I've known Bob since the early days, and that's really him"
> 
> Instead, I expect we'll just exchange our key IDs and fingerprints from
> the little tear-off strips produced by gpg2ps (or 'gpg --fingerprint
> 0xYOURKEY' and copy'n'pasted), and rely on our own knowledge of each
> other for identity verification.
> 
> 
> Gordon Day wrote:
> 
>> Ideas of how to do it/what to expect:
>>
>> https://wiki.ubuntu.com/KeySigningParty
>>
>> Although I think the ubucon reference isn't applicable... but the rest
>> is good.
> 
> ...except for the part about mandatory government ID.  The whole point
> of establishing a *Web* of Trust is to not require an authority to
> establish identity.  You only sign the keys of people you know, or who
> have been introduced by people you trust.
> 
> I've added a few more keysigning party resources to
> http://sobac.com/wiki/index.php/Guidelines_for_Key_Signing_Parties, but
> most are intended for keysigning party organizers.
> 
> I also took the liberty of adding the keysigning as a last-minute event
> on the Cryptoparty site: http://www.cryptoparty.in/parties/upcoming
> 
> 
> I wouldn't mind going to a formal keysigning party, complete with a
> keysigning party signing key, a keyring of all the participants, and the
> formal introductions. Maybe even having a presentation on using
> GnuPG/PGP with e-mail beforehand...  I understand there's a vacancy in
> December.  Wait, did I just volunteer for something?
> 
> 
> --Bob.
> 
> [1] My keysigning info document is in the KWCrypto file repository:
> http://sobac.com/owncloud/public.php?service=files&t=d29677e74871f55e431362c1172afb6f
> Download it, don't depend on the online viewer -- it mangles monospaced
> pre-formatted text.
> 
> [2] Signing key for the first keysigning party I attended:
> keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xE940E0E5
> Having this signature on my key proves I was at the keysigning.
> 
> 
> 
> 
> On 13-10-06 04:55 PM, Andrew Sullivan Cant wrote:
>> All right, slow on following up to keep this thread alive. :)
>>
>> So I was figuring on either doing a key signing at a KWLUG event
>> periodically, or even just doing it as part of the regular night.
>> Say make an announcement at the end of each meeting, and see when we
>> reach saturation.
>>
>> I was also thinking about a presentation on more things do to with PGP
>> keys than just email.
>> I know for myself, I have created and signed 2 keys that I have
>> eventually stopped using when I switch computers at some point.  They we
>> easy to just not bother getting running again. But if I had more things
>> that I actually used the keys for, I'd have more motivation to actually
>> keep them working.
>>
>> * package signing would be and example for developers.
>> * Obnam <http://liw.fi/obnam/> is a backup system that uses GPG keys for
>> encrypting.
>> * git-annex <http://git-annex.branchable.com/encryption/> is using GPG
>> keys in a similar way
>> * monkeysphere <http://web.monkeysphere.info/> is trying to a website
>> certificate system based on the PGP web of trust
>>
>> If anyone has other uses for their GPG keys, I'd be interested to hear
>> them.
>>
>> Does anyone want to start signing tomorrow night?
>> I can probably either dig up my old one or generate a new key by then. :)
>>
>> Andrew
>>
>>
>>
>> On Sun Jul 14 23:59:36 2013, Bob Jonkman wrote:
>>> Yes!
>>>
>>> Would this be part of a regular KWLUG night, or a separate Cryptoparty?
>>>
>>> For those interested, there are still unused vestiges of tools from
>>> Jonathan Lamothe's Cryptoparty of last year: http://sobac.com/kwcrypto
>>>
>>> --Bob.
>>>
>>> Bob's Public Key:
>>> http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xB91289B0D2CCE5EA
>>>
>>>
>>>
>>> On 13-07-14 04:44 PM, Andrew Sullivan Cant wrote:
>>>> Hi everyone,
>>>>
>>>> I have been thinking about trying to start using GPG again. At least to
>>>> sign my out going messages.
>>>>
>>>> Is anyone interested in doing a key signing?
>>>> It seems like it has been a while since we last had one. And it fits
>>>> nicely with the recent Tor presentation.
>>>>
>>>> How about a short tutorial about how to generate keys and use them?
>>>> If people can bring laptops, we could also do something workshop style
>>>> to generate new keys and sign them.
>>>>
>>>>
>>>> Andrew


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20131102/837b7dd0/attachment.bin>


More information about the kwlug-disc mailing list