[kwlug-disc] Anyone interesting in going a GPG key signing?

Bob Jonkman bjonkman at sobac.com
Sun Oct 6 22:54:29 EDT 2013


I'll bring my sheet of GnuPG/PGP information[1]. It's a handy way for
people to associate a key ID with a person.

I expect this will be an informal keysigning event, meaning there won't
be a keysigning party signing key[2] and a keyring of all participants,
and no formal declarations and introductions like this:

 Bob: "I'm Bob Jonkman, and my keyID is Delta Two Charlie Charlie Echo
Five Echo Alpha"

 Andrew: "I've known Bob since the early days, and that's really him"

Instead, I expect we'll just exchange our key IDs and fingerprints from
the little tear-off strips produced by gpg2ps (or 'gpg --fingerprint
0xYOURKEY' and copy'n'pasted), and rely on our own knowledge of each
other for identity verification.


Gordon Day wrote:

> Ideas of how to do it/what to expect:
> 
> https://wiki.ubuntu.com/KeySigningParty
> 
> Although I think the ubucon reference isn't applicable... but the rest
> is good.

...except for the part about mandatory government ID.  The whole point
of establishing a *Web* of Trust is to not require an authority to
establish identity.  You only sign the keys of people you know, or who
have been introduced by people you trust.

I've added a few more keysigning party resources to
http://sobac.com/wiki/index.php/Guidelines_for_Key_Signing_Parties, but
most are intended for keysigning party organizers.

I also took the liberty of adding the keysigning as a last-minute event
on the Cryptoparty site: http://www.cryptoparty.in/parties/upcoming


I wouldn't mind going to a formal keysigning party, complete with a
keysigning party signing key, a keyring of all the participants, and the
formal introductions. Maybe even having a presentation on using
GnuPG/PGP with e-mail beforehand...  I understand there's a vacancy in
December.  Wait, did I just volunteer for something?


--Bob.

[1] My keysigning info document is in the KWCrypto file repository:
http://sobac.com/owncloud/public.php?service=files&t=d29677e74871f55e431362c1172afb6f
Download it, don't depend on the online viewer -- it mangles monospaced
pre-formatted text.

[2] Signing key for the first keysigning party I attended:
keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xE940E0E5
Having this signature on my key proves I was at the keysigning.




On 13-10-06 04:55 PM, Andrew Sullivan Cant wrote:
> All right, slow on following up to keep this thread alive. :)
> 
> So I was figuring on either doing a key signing at a KWLUG event
> periodically, or even just doing it as part of the regular night.
> Say make an announcement at the end of each meeting, and see when we
> reach saturation.
> 
> I was also thinking about a presentation on more things do to with PGP
> keys than just email.
> I know for myself, I have created and signed 2 keys that I have
> eventually stopped using when I switch computers at some point.  They we
> easy to just not bother getting running again. But if I had more things
> that I actually used the keys for, I'd have more motivation to actually
> keep them working.
> 
> * package signing would be and example for developers.
> * Obnam <http://liw.fi/obnam/> is a backup system that uses GPG keys for
> encrypting.
> * git-annex <http://git-annex.branchable.com/encryption/> is using GPG
> keys in a similar way
> * monkeysphere <http://web.monkeysphere.info/> is trying to a website
> certificate system based on the PGP web of trust
> 
> If anyone has other uses for their GPG keys, I'd be interested to hear
> them.
> 
> Does anyone want to start signing tomorrow night?
> I can probably either dig up my old one or generate a new key by then. :)
> 
> Andrew
> 
> 
> 
> On Sun Jul 14 23:59:36 2013, Bob Jonkman wrote:
>> Yes!
>>
>> Would this be part of a regular KWLUG night, or a separate Cryptoparty?
>>
>> For those interested, there are still unused vestiges of tools from
>> Jonathan Lamothe's Cryptoparty of last year: http://sobac.com/kwcrypto
>>
>> --Bob.
>>
>> Bob's Public Key:
>> http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xB91289B0D2CCE5EA
>>
>>
>>
>> On 13-07-14 04:44 PM, Andrew Sullivan Cant wrote:
>>> Hi everyone,
>>>
>>> I have been thinking about trying to start using GPG again. At least to
>>> sign my out going messages.
>>>
>>> Is anyone interested in doing a key signing?
>>> It seems like it has been a while since we last had one. And it fits
>>> nicely with the recent Tor presentation.
>>>
>>> How about a short tutorial about how to generate keys and use them?
>>> If people can bring laptops, we could also do something workshop style
>>> to generate new keys and sign them.
>>>
>>>
>>> Andrew
>>>
>>>
>>> _______________________________________________
>>> kwlug-disc mailing list
>>> kwlug-disc at kwlug.org
>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>>
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20131006/8acb3370/attachment-0001.bin>


More information about the kwlug-disc mailing list