Difference between revisions of "Keysigning 2016-02-21"

From the Linux and Unix Users Group at Virginia Teck Wiki
Jump to: navigation, search
imported>Echarlie
(Plan)
imported>Echarlie
(What you need to do in order to attend)
 
(21 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Keysigning party. More info to come
+
Keysigning party? Keysigning party!
 +
 
 +
Direct all questions to '''<code>echarlie at vtluug.org</code>'''
 +
 
 +
The purpose of this keysigning party is to bring bring together
 +
people who are interested in cryptography and/or digital privacy with the
 +
goal of strengthening the web of trust.
 +
 
 +
VTLUUG hosts these from time to time to promote cryptography standards such as
 +
PGP, to raise awareness of cryptography, and to allow members to authenticate
 +
each other for distribution of semi-sensitive information.
 +
 
 +
Some samples on running keysigning parties:
 +
* [http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html Keysigning party How-To]
 +
* [https://wiki.ubuntu.com/KeySigningParty Ubuntu Keysigning Party]
 +
 
 +
Event on biglumber: http://biglumber.com/x/web?ev=28819
 +
 
 +
We '''could''' add an event keyring, or perhaps a long-time even with keyring, to simplify
 +
identification of members with keys, and to ease the process of fetching all of the keys, however
 +
that takes a critical mass of interest in the event.
  
 
== Time/Date ==
 
== Time/Date ==
* Will be on 21 Feb 2016, 11:00 to 14:00
+
 
* Location TBD
+
* 21 Feb 2016
 +
* 11:00 to 14:00
 +
* 1040 [[gp:Torgersen Hall|Torgersen Hall]]
  
 
== Plan ==
 
== Plan ==
 +
 
Verify identities for signing PGP keys, with food and door prizes.
 
Verify identities for signing PGP keys, with food and door prizes.
  
Line 14: Line 37:
 
== What you need to do in order to attend ==
 
== What you need to do in order to attend ==
  
* Have a GPG key (if you don't have one, we can help you at a meeting or via IRC on #vtluug
+
* Have a GPG key (if you don't have one, we can help you at a meeting Thursday at 8:30 in TORG 1040 or via IRC on #vtluug )
 
** Upload it to the '''VT keyserver'''
 
** Upload it to the '''VT keyserver'''
* Sign up for the event (Link to come)
+
* Sign up for the event [https://docs.google.com/forms/d/1BR_s_Khb_42grq695DZ8keEs0Gc6WtN6_Taz1yAwwk4/viewform here]
* Bring 2 forms of IDs (Driver's license + Hokie ID will do, for example)
+
* Bring 2 forms of IDs (Driver's license + Hokie ID will do, for example) and your '''Key Fingerprint''' (to reduce errors in transcribing)
 
* <font size=3> >> '''[https://docs.google.com/file/d/0B0EkhSt6RRaeUUpVQnI5WnpJUms/edit?usp=sharing Read the instructions]''' << </font>
 
* <font size=3> >> '''[https://docs.google.com/file/d/0B0EkhSt6RRaeUUpVQnI5WnpJUms/edit?usp=sharing Read the instructions]''' << </font>
 
** These instructions are dated, and thus are not correct. They *do* provide a good guideline, however, of how this will run.
 
** These instructions are dated, and thus are not correct. They *do* provide a good guideline, however, of how this will run.
 
The purpose of this keysigning party is to bring bring together a meeting of
 
people who are interested in cryptography and/or digital privacy with the
 
goal of strengthening the web of trust.
 
 
   
 
   
 
OpenPGP is a cryptographic standard that allows for secure, confidential,
 
OpenPGP is a cryptographic standard that allows for secure, confidential,
Line 29: Line 48:
 
medium such as email. This only works, however, if you have some method of
 
medium such as email. This only works, however, if you have some method of
 
verifying that the other party is indeed who they claim to be. This problem
 
verifying that the other party is indeed who they claim to be. This problem
is solved through keysigning: you are verifying first hand that the other
+
is solved through keysigning: you are verifying first-hand that the other
party's identity and key match as well as declaring this to anyone who
+
party's identity and key match, as well as declaring this to anyone who
 
trusts you. These interconnected chains of verification form a web of trust
 
trusts you. These interconnected chains of verification form a web of trust
 
and allow secure communication between previously unacquainted or unverified
 
and allow secure communication between previously unacquainted or unverified
Line 36: Line 55:
 
   
 
   
 
If you do not already have an OpenPGP key, please acquire a client and
 
If you do not already have an OpenPGP key, please acquire a client and
generate one. For the Linux and BSD operating systems, we recommend [http://gnupg.org GnuPG]
+
generate one. For the Linux and BSD operating systems, we recommend [http://gnupg.org GnuPG] version 2.0 or later
 
or one of its frontends such as [http://www.gnupg.org/related_software/gpa/index.en.html GPA] or [http://projects.gnome.org/seahorse/ Seahorse]. For Windows we
 
or one of its frontends such as [http://www.gnupg.org/related_software/gpa/index.en.html GPA] or [http://projects.gnome.org/seahorse/ Seahorse]. For Windows we
suggest [http://www.gpg4win.org Gpg4Win]. For OSX we suggest [https://gpgtools.org/ GPG Tools]. Follow the associated
+
suggest [http://www.gpg4win.org Gpg4Win]. For OSX we suggest [https://gpgtools.org/ GPG Tools]. Both OSX and Windows can run the official GnuPG client,
documentation to generate a keypair.
+
if you are okay with working from the command line. Follow the associated documentation to generate a keypair,
 +
or refer to the ArchWiki Page on GnuPG.
 
   
 
   
If you wish to attend, please bring '''two forms of valid identification''' as well as paper copies of your fingerprint, if possible.
+
If you wish to attend, please bring '''two forms of valid identification''' as well as paper copies of your key fingerprint.
 +
 
 +
== The Procedure ==
 +
 
 +
This is merely a summary: Please refer to other sources, and the GnuPG documentation for a better understanding of
 +
what each piece entails.
 +
 
 +
# Generate a keypair and upload it to the VT Keyserver
 +
# Bring your ID; bring '''multiple''' printouts of your key fingerprint (think 30 to 50)
 +
# Everyone will sign in at the party
 +
# When most of the participants have arrived, we will form a line, and everyone will rotate down the line, meet everyone else, and verify their ID against their name.
 +
# When the party ends, you go to a secure place, download keys for other users, sign them, and sync them against the server
 +
 
  
  
 
[[Category:VTLUUG:Events]]
 
[[Category:VTLUUG:Events]]
 
[[Category:2016]]
 
[[Category:2016]]

Latest revision as of 16:09, 20 February 2016

Keysigning party? Keysigning party!

Direct all questions to echarlie at vtluug.org

The purpose of this keysigning party is to bring bring together people who are interested in cryptography and/or digital privacy with the goal of strengthening the web of trust.

VTLUUG hosts these from time to time to promote cryptography standards such as PGP, to raise awareness of cryptography, and to allow members to authenticate each other for distribution of semi-sensitive information.

Some samples on running keysigning parties:

Event on biglumber: http://biglumber.com/x/web?ev=28819

We could add an event keyring, or perhaps a long-time even with keyring, to simplify identification of members with keys, and to ease the process of fetching all of the keys, however that takes a critical mass of interest in the event.

Time/Date

Plan

Verify identities for signing PGP keys, with food and door prizes.

  • Invite your friends
  • Upload keys to VT keyserver
  • Signing GPG keys (Maybe CACerts too, depending on demand)

What you need to do in order to attend

  • Have a GPG key (if you don't have one, we can help you at a meeting Thursday at 8:30 in TORG 1040 or via IRC on #vtluug )
    • Upload it to the VT keyserver
  • Sign up for the event here
  • Bring 2 forms of IDs (Driver's license + Hokie ID will do, for example) and your Key Fingerprint (to reduce errors in transcribing)
  • >> Read the instructions <<
    • These instructions are dated, and thus are not correct. They *do* provide a good guideline, however, of how this will run.

OpenPGP is a cryptographic standard that allows for secure, confidential, non-reputable, and verifiable communication over an otherwise untrusted medium such as email. This only works, however, if you have some method of verifying that the other party is indeed who they claim to be. This problem is solved through keysigning: you are verifying first-hand that the other party's identity and key match, as well as declaring this to anyone who trusts you. These interconnected chains of verification form a web of trust and allow secure communication between previously unacquainted or unverified communicators.

If you do not already have an OpenPGP key, please acquire a client and generate one. For the Linux and BSD operating systems, we recommend GnuPG version 2.0 or later or one of its frontends such as GPA or Seahorse. For Windows we suggest Gpg4Win. For OSX we suggest GPG Tools. Both OSX and Windows can run the official GnuPG client, if you are okay with working from the command line. Follow the associated documentation to generate a keypair, or refer to the ArchWiki Page on GnuPG.

If you wish to attend, please bring two forms of valid identification as well as paper copies of your key fingerprint.

The Procedure

This is merely a summary: Please refer to other sources, and the GnuPG documentation for a better understanding of what each piece entails.

  1. Generate a keypair and upload it to the VT Keyserver
  2. Bring your ID; bring multiple printouts of your key fingerprint (think 30 to 50)
  3. Everyone will sign in at the party
  4. When most of the participants have arrived, we will form a line, and everyone will rotate down the line, meet everyone else, and verify their ID against their name.
  5. When the party ends, you go to a secure place, download keys for other users, sign them, and sync them against the server