Hey Group,

How about we try to have a key signing party sometime during the course of 
this evening's meeting (before or after the official stuff)?

To do this you will need several things:

a) you need to be running (or have run) GPG and generated yourself a 
private/public keypair.
b) you must have submitted your public key to a keyserver prior to the meeting
c) you must have a slip of paper with your public key information (see below)
d) you must have some form of photo ID

A big part of using GPG is establishing your web of trust. In this modern 
world where identity theft is a reality, we have to be diligent in checking 
these sorts of things if you want to use GPG effectively. I know that the 
more paranoid members will not want to show any kind of ID but it is for 
verification purposes only. If you aren't careful about how you establish 
your contacts then you are more than likely not going to be careful about the 
way you use GPG and we probably don't want you in our contacts anyway. This 
is a point that is continually hammered home when reading anything about 
public key cryptography.

So the slip of paper mentioned above should contain the following information 
(lay it out in whatever way you like but it should have these things):

User ID: Jarrod Major <[EMAIL PROTECTED]>
             Jarrod Major <[EMAIL PROTECTED]>
Key ID: 0x2439231E
Type/Size: 1024D
Fingerprint: 4556 EFA8 EC69 7C54 EE33  C881 2C7C 0E10 2439 231E

Notes: you only need to include the primary User ID that is associated with 
your key, you may include any others to make it more thorough or easier to 
look you up but as soon as someone does search the keyservers for your key, 
they will find whatever email addresses you have set for User IDs. The 
Type/Size is also optional and one can see this information once they look 
you up as well.

Try to display your fingerprint in the above pattern; four characters 
separated by a space. It makes it easier to verify you if you can read your 
fingerprint easier. Some people have broken this up to two lines of five 
components each for space constraints. Also choose your typeface carefully 
before you print out your slips; you want to be able to tell 0's from O's. I 
suspect that there won't be any O's in a person's Key ID or their fingerprint 
but I could be wrong. However, it makes it absolutely certain to the 
recipient of your key so when they go to verify your identity for their web 
of trust they can do so correctly.

You then take this slip of paper home with you, punch in the person's User ID 
(email address) or their Key ID and do a key search. Once the key is found 
you add it to your keyring and you can assign a level of trust. At some point 
during the procedure, you will be prompted with the fingerprint of the 
person's key in question. This is where you verify against the fingerprint on 
the slip of paper. You can authoritatively select 'ultimate' trust for this 
person.

I can also answer anyone's questions regarding GPG tonight if you aren't using 
it yet and want to know how to get it or set it up.
-- 
Jarrod Major
Registered Linux User: #224211
GPG Fingerprint: 4556 EFA8 EC69 7C54 EE33  C881 2C7C 0E10 2439 231E
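
The fingerprint comparison described in the message above, as an added example that is not part of the original post: it normalizes the fingerprint typed from a slip, checks that the slip's Key ID is the tail of that fingerprint, and compares it with the `fpr` record of a GnuPG colon-format listing. The listing is a constructed sample in which only the key ID and fingerprint come from the slip; the function names are this example's own.

```python
import re

# Constructed sample of `gpg --with-colons --fingerprint 0x2439231E` output.
# Only the key ID and fingerprint come from the slip in the post; the
# timestamps and the user ID are placeholders.
SAMPLE_LISTING = """\
pub:-:1024:17:2C7C0E102439231E:1041379200:::-:::scESC:
fpr:::::::::4556EFA8EC697C54EE33C8812C7C0E102439231E:
uid:-::::1041379200::::Example User <user@example.invalid>:
"""

def normalize_fpr(text):
    """Strip spacing from a fingerprint as printed on a slip; return 40 hex digits."""
    fpr = re.sub(r"\s+", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        # Catches a letter O typed for a zero, a dropped group, and so on.
        raise ValueError("not a 160-bit hex fingerprint: %r" % text)
    return fpr

def format_fpr(fpr):
    """Render in the slip layout: groups of four, wider gap after the fifth."""
    groups = [fpr[i:i + 4] for i in range(0, 40, 4)]
    return " ".join(groups[:5]) + "  " + " ".join(groups[5:])

def primary_fpr(listing):
    """Return the fingerprint (field 10 of the fpr record) of the first pub key."""
    seen_pub = False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            seen_pub = True
        elif fields[0] == "fpr" and seen_pub:
            return fields[9].upper()
    raise ValueError("no primary key fingerprint in listing")

def slip_matches(slip_fpr, slip_keyid, listing):
    """True only if the slip's fingerprint and Key ID both match the fetched key."""
    want = normalize_fpr(slip_fpr)
    keyid = re.sub(r"^0x", "", slip_keyid, flags=re.I).upper()
    # A short (8 digit) or long (16 digit) Key ID is the tail of the fingerprint.
    if len(keyid) not in (8, 16) or not want.endswith(keyid):
        return False
    # Compare the whole fingerprint; a matching Key ID alone proves nothing.
    return want == primary_fpr(listing)
```

To check a key you have actually fetched, pass the text printed by `gpg --with-colons --fingerprint <key ID>` as the `listing` argument.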
