Difference between revisions of "Keysigning 2016-02-21"
imported>Echarlie |
imported>Echarlie (→What you need to do in order to attend) |
||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Keysigning party? Keysigning party! | Keysigning party? Keysigning party! | ||
− | Direct all questions to | + | Direct all questions to '''<code>echarlie at vtluug.org</code>''' |
− | The purpose of this keysigning party is to bring bring together | + | The purpose of this keysigning party is to bring bring together |
people who are interested in cryptography and/or digital privacy with the | people who are interested in cryptography and/or digital privacy with the | ||
goal of strengthening the web of trust. | goal of strengthening the web of trust. | ||
Line 9: | Line 9: | ||
VTLUUG hosts these from time to time to promote cryptography standards such as | VTLUUG hosts these from time to time to promote cryptography standards such as | ||
PGP, to raise awareness of cryptography, and to allow members to authenticate | PGP, to raise awareness of cryptography, and to allow members to authenticate | ||
− | each other for distribution of semi-sensitive information | + | each other for distribution of semi-sensitive information. |
Some samples on running keysigning parties: | Some samples on running keysigning parties: | ||
Line 16: | Line 16: | ||
Event on biglumber: http://biglumber.com/x/web?ev=28819 | Event on biglumber: http://biglumber.com/x/web?ev=28819 | ||
+ | |||
We '''could''' add an event keyring, or perhaps a long-time even with keyring, to simplify | We '''could''' add an event keyring, or perhaps a long-time even with keyring, to simplify | ||
identification of members with keys, and to ease the process of fetching all of the keys, however | identification of members with keys, and to ease the process of fetching all of the keys, however | ||
Line 47: | Line 48: | ||
medium such as email. This only works, however, if you have some method of | medium such as email. This only works, however, if you have some method of | ||
verifying that the other party is indeed who they claim to be. This problem | verifying that the other party is indeed who they claim to be. This problem | ||
− | is solved through keysigning: you are verifying first hand that the other | + | is solved through keysigning: you are verifying first-hand that the other |
− | party's identity and key match as well as declaring this to anyone who | + | party's identity and key match, as well as declaring this to anyone who |
trusts you. These interconnected chains of verification form a web of trust | trusts you. These interconnected chains of verification form a web of trust | ||
and allow secure communication between previously unacquainted or unverified | and allow secure communication between previously unacquainted or unverified | ||
Line 56: | Line 57: | ||
generate one. For the Linux and BSD operating systems, we recommend [http://gnupg.org GnuPG] version 2.0 or later | generate one. For the Linux and BSD operating systems, we recommend [http://gnupg.org GnuPG] version 2.0 or later | ||
or one of its frontends such as [http://www.gnupg.org/related_software/gpa/index.en.html GPA] or [http://projects.gnome.org/seahorse/ Seahorse]. For Windows we | or one of its frontends such as [http://www.gnupg.org/related_software/gpa/index.en.html GPA] or [http://projects.gnome.org/seahorse/ Seahorse]. For Windows we | ||
− | suggest [http://www.gpg4win.org Gpg4Win]. For OSX we suggest [https://gpgtools.org/ GPG Tools] Both OSX and Windows can run the official GnuPG client, | + | suggest [http://www.gpg4win.org Gpg4Win]. For OSX we suggest [https://gpgtools.org/ GPG Tools]. Both OSX and Windows can run the official GnuPG client, |
if you are okay with working from the command line. Follow the associated documentation to generate a keypair, | if you are okay with working from the command line. Follow the associated documentation to generate a keypair, | ||
− | or refer to the ArchWiki Page on GnuPG | + | or refer to the ArchWiki Page on GnuPG. |
If you wish to attend, please bring '''two forms of valid identification''' as well as paper copies of your key fingerprint. | If you wish to attend, please bring '''two forms of valid identification''' as well as paper copies of your key fingerprint. |
Latest revision as of 16:09, 20 February 2016
Keysigning party? Keysigning party!
Direct all questions to echarlie at vtluug.org
The purpose of this keysigning party is to bring bring together people who are interested in cryptography and/or digital privacy with the goal of strengthening the web of trust.
VTLUUG hosts these from time to time to promote cryptography standards such as PGP, to raise awareness of cryptography, and to allow members to authenticate each other for distribution of semi-sensitive information.
Some samples on running keysigning parties:
Event on biglumber: http://biglumber.com/x/web?ev=28819
We could add an event keyring, or perhaps a long-time even with keyring, to simplify identification of members with keys, and to ease the process of fetching all of the keys, however that takes a critical mass of interest in the event.
Time/Date
- 21 Feb 2016
- 11:00 to 14:00
- 1040 Torgersen Hall
Plan
Verify identities for signing PGP keys, with food and door prizes.
- Invite your friends
- Upload keys to VT keyserver
- Signing GPG keys (Maybe CACerts too, depending on demand)
What you need to do in order to attend
- Have a GPG key (if you don't have one, we can help you at a meeting Thursday at 8:30 in TORG 1040 or via IRC on #vtluug )
- Upload it to the VT keyserver
- Sign up for the event here
- Bring 2 forms of IDs (Driver's license + Hokie ID will do, for example) and your Key Fingerprint (to reduce errors in transcribing)
- >> Read the instructions <<
- These instructions are dated, and thus are not correct. They *do* provide a good guideline, however, of how this will run.
OpenPGP is a cryptographic standard that allows for secure, confidential, non-reputable, and verifiable communication over an otherwise untrusted medium such as email. This only works, however, if you have some method of verifying that the other party is indeed who they claim to be. This problem is solved through keysigning: you are verifying first-hand that the other party's identity and key match, as well as declaring this to anyone who trusts you. These interconnected chains of verification form a web of trust and allow secure communication between previously unacquainted or unverified communicators.
If you do not already have an OpenPGP key, please acquire a client and generate one. For the Linux and BSD operating systems, we recommend GnuPG version 2.0 or later or one of its frontends such as GPA or Seahorse. For Windows we suggest Gpg4Win. For OSX we suggest GPG Tools. Both OSX and Windows can run the official GnuPG client, if you are okay with working from the command line. Follow the associated documentation to generate a keypair, or refer to the ArchWiki Page on GnuPG.
If you wish to attend, please bring two forms of valid identification as well as paper copies of your key fingerprint.
The Procedure
This is merely a summary: Please refer to other sources, and the GnuPG documentation for a better understanding of what each piece entails.
- Generate a keypair and upload it to the VT Keyserver
- Bring your ID; bring multiple printouts of your key fingerprint (think 30 to 50)
- Everyone will sign in at the party
- When most of the participants have arrived, we will form a line, and everyone will rotate down the line, meet everyone else, and verify their ID against their name.
- When the party ends, you go to a secure place, download keys for other users, sign them, and sync them against the server