Difference between revisions of "Keysigning 2016-02-21"

From the Linux and Unix Users Group at Virginia Teck Wiki
Jump to: navigation, search
imported>Echarlie
imported>Echarlie
(What you need to do in order to attend)
 
(25 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Keysigning party. More info to come
+
Keysigning party? Keysigning party!
 +
 
 +
Direct all questions to '''<code>echarlie at vtluug.org</code>'''
 +
 
 +
The purpose of this keysigning party is to bring bring together
 +
people who are interested in cryptography and/or digital privacy with the
 +
goal of strengthening the web of trust.
 +
 
 +
VTLUUG hosts these from time to time to promote cryptography standards such as
 +
PGP, to raise awareness of cryptography, and to allow members to authenticate
 +
each other for distribution of semi-sensitive information.
 +
 
 +
Some samples on running keysigning parties:
 +
* [http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html Keysigning party How-To]
 +
* [https://wiki.ubuntu.com/KeySigningParty Ubuntu Keysigning Party]
 +
 
 +
Event on biglumber: http://biglumber.com/x/web?ev=28819
 +
 
 +
We '''could''' add an event keyring, or perhaps a long-time even with keyring, to simplify
 +
identification of members with keys, and to ease the process of fetching all of the keys, however
 +
that takes a critical mass of interest in the event.
  
 
== Time/Date ==
 
== Time/Date ==
* Will be on 21 Feb 2016, 11:00 to 14:00
+
 
* Location TBD
+
* 21 Feb 2016
 +
* 11:00 to 14:00
 +
* 1040 [[gp:Torgersen Hall|Torgersen Hall]]
  
 
== Plan ==
 
== Plan ==
Signing pgp keys, with food, and possibly door prizes.
+
 
 +
Verify identities for signing PGP keys, with food and door prizes.
  
 
* Invite your friends
 
* Invite your friends
* upload keys to vt keyserver
+
* Upload keys to [https://keyserver.cns.vt.edu/ VT keyserver]
 +
* Signing GPG keys (Maybe CACerts too, depending on demand)
 +
 
 +
== What you need to do in order to attend ==
 +
 
 +
* Have a GPG key (if you don't have one, we can help you at a meeting Thursday at 8:30 in TORG 1040 or via IRC on #vtluug )
 +
** Upload it to the '''VT keyserver'''
 +
* Sign up for the event [https://docs.google.com/forms/d/1BR_s_Khb_42grq695DZ8keEs0Gc6WtN6_Taz1yAwwk4/viewform here]
 +
* Bring 2 forms of IDs (Driver's license + Hokie ID will do, for example) and your '''Key Fingerprint''' (to reduce errors in transcribing)
 +
* <font size=3> >> '''[https://docs.google.com/file/d/0B0EkhSt6RRaeUUpVQnI5WnpJUms/edit?usp=sharing Read the instructions]''' << </font>
 +
** These instructions are dated, and thus are not correct. They *do* provide a good guideline, however, of how this will run.
 +
 +
OpenPGP is a cryptographic standard that allows for secure, confidential,
 +
non-reputable, and verifiable communication over an otherwise untrusted
 +
medium such as email. This only works, however, if you have some method of
 +
verifying that the other party is indeed who they claim to be. This problem
 +
is solved through keysigning: you are verifying first-hand that the other
 +
party's identity and key match, as well as declaring this to anyone who
 +
trusts you. These interconnected chains of verification form a web of trust
 +
and allow secure communication between previously unacquainted or unverified
 +
communicators.
 +
 +
If you do not already have an OpenPGP key, please acquire a client and
 +
generate one. For the Linux and BSD operating systems, we recommend [http://gnupg.org GnuPG] version 2.0 or later
 +
or one of its frontends such as [http://www.gnupg.org/related_software/gpa/index.en.html GPA] or [http://projects.gnome.org/seahorse/ Seahorse]. For Windows we
 +
suggest [http://www.gpg4win.org Gpg4Win]. For OSX we suggest [https://gpgtools.org/ GPG Tools]. Both OSX and Windows can run the official GnuPG client,
 +
if you are okay with working from the command line. Follow the associated documentation to generate a keypair,
 +
or refer to the ArchWiki Page on GnuPG.
 +
 +
If you wish to attend, please bring '''two forms of valid identification''' as well as paper copies of your key fingerprint.
 +
 
 +
== The Procedure ==
 +
 
 +
This is merely a summary: Please refer to other sources, and the GnuPG documentation for a better understanding of
 +
what each piece entails.
 +
 
 +
# Generate a keypair and upload it to the VT Keyserver
 +
# Bring your ID; bring '''multiple''' printouts of your key fingerprint (think 30 to 50)
 +
# Everyone will sign in at the party
 +
# When most of the participants have arrived, we will form a line, and everyone will rotate down the line, meet everyone else, and verify their ID against their name.
 +
# When the party ends, you go to a secure place, download keys for other users, sign them, and sync them against the server
 +
 
 +
 
  
 
[[Category:VTLUUG:Events]]
 
[[Category:VTLUUG:Events]]
 
[[Category:2016]]
 
[[Category:2016]]

Latest revision as of 16:09, 20 February 2016

Keysigning party? Keysigning party!

Direct all questions to echarlie at vtluug.org

The purpose of this keysigning party is to bring bring together people who are interested in cryptography and/or digital privacy with the goal of strengthening the web of trust.

VTLUUG hosts these from time to time to promote cryptography standards such as PGP, to raise awareness of cryptography, and to allow members to authenticate each other for distribution of semi-sensitive information.

Some samples on running keysigning parties:

Event on biglumber: http://biglumber.com/x/web?ev=28819

We could add an event keyring, or perhaps a long-time even with keyring, to simplify identification of members with keys, and to ease the process of fetching all of the keys, however that takes a critical mass of interest in the event.

Time/Date

Plan

Verify identities for signing PGP keys, with food and door prizes.

  • Invite your friends
  • Upload keys to VT keyserver
  • Signing GPG keys (Maybe CACerts too, depending on demand)

What you need to do in order to attend

  • Have a GPG key (if you don't have one, we can help you at a meeting Thursday at 8:30 in TORG 1040 or via IRC on #vtluug )
    • Upload it to the VT keyserver
  • Sign up for the event here
  • Bring 2 forms of IDs (Driver's license + Hokie ID will do, for example) and your Key Fingerprint (to reduce errors in transcribing)
  • >> Read the instructions <<
    • These instructions are dated, and thus are not correct. They *do* provide a good guideline, however, of how this will run.

OpenPGP is a cryptographic standard that allows for secure, confidential, non-reputable, and verifiable communication over an otherwise untrusted medium such as email. This only works, however, if you have some method of verifying that the other party is indeed who they claim to be. This problem is solved through keysigning: you are verifying first-hand that the other party's identity and key match, as well as declaring this to anyone who trusts you. These interconnected chains of verification form a web of trust and allow secure communication between previously unacquainted or unverified communicators.

If you do not already have an OpenPGP key, please acquire a client and generate one. For the Linux and BSD operating systems, we recommend GnuPG version 2.0 or later or one of its frontends such as GPA or Seahorse. For Windows we suggest Gpg4Win. For OSX we suggest GPG Tools. Both OSX and Windows can run the official GnuPG client, if you are okay with working from the command line. Follow the associated documentation to generate a keypair, or refer to the ArchWiki Page on GnuPG.

If you wish to attend, please bring two forms of valid identification as well as paper copies of your key fingerprint.

The Procedure

This is merely a summary: Please refer to other sources, and the GnuPG documentation for a better understanding of what each piece entails.

  1. Generate a keypair and upload it to the VT Keyserver
  2. Bring your ID; bring multiple printouts of your key fingerprint (think 30 to 50)
  3. Everyone will sign in at the party
  4. When most of the participants have arrived, we will form a line, and everyone will rotate down the line, meet everyone else, and verify their ID against their name.
  5. When the party ends, you go to a secure place, download keys for other users, sign them, and sync them against the server