Difference between revisions of "Keysigning party"

From Wiki | LUG@UCLA
Line 17: Line 17:
 
=== Way before the party ===
 
=== Way before the party ===
 
<ol>
 
<ol>
<li> create a PGP key if you haven't already: <code>$ gpg --gen-key</code><br> WARNING: make sure you understand the implications of holding a private key, e.g. do not generate it on a computer you don't own and have ''full control'' over.
+
<li> generate your PGP keypair if you haven't already: <code>$ gpg --gen-key</code><br> WARNING: make sure you understand the implications of holding a private key, e.g. do not generate it on a computer you don't own and have ''full control'' over.
 
<li> sync your public key with keyservers: <code>$ gpg --send-keys '''<your key ID>'''</code><br>WARNING: this is irreversible. Make sure you are prepared to protect your private key and you are using a very strong passphrase.
 
<li> sync your public key with keyservers: <code>$ gpg --send-keys '''<your key ID>'''</code><br>WARNING: this is irreversible. Make sure you are prepared to protect your private key and you are using a very strong passphrase.
 
<li> figure out your key fingerprint and RSVP:
 
<li> figure out your key fingerprint and RSVP:
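Review bot: step 2 warns that gpg --send-keys is irreversible, yet the list still goes straight from key generation in step 1 to the upload. Add a step between them that creates a revocation certificate (gpg --gen-revoke <your key ID>) and stores it offline, so a lost or compromised key can still be revoked after it has been published.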
Line 49: Line 49:
  
 
<span style="color:red">'''Q:'''</span> How do I install GnuPG (gpg)?<br>
 
<span style="color:red">'''Q:'''</span> How do I install GnuPG (gpg)?<br>
<span style="color:green">'''A:'''</span> If your computer doesn't already have GnuPG installed, you should seriously consider switching to a different operating system. If you're trying to use PGP on Windows or Mac, that kind of defeats the purpose because the software on your computer cannot be trusted to begin with. See [[Installfest]]
+
<span style="color:green">'''A:'''</span> Most open source operating systems will include GnuPG by default. If GnuPG is not installed, and isn't provided by your operating system vendor, you should seriously consider switching to a better operating system. Come to LUG during [[Tutoring]] hours or attend our next [[Installfest]].
  
<span style="color:red">'''Q:'''</span> Can't I just generate my keypair on SEASNet lnxsrv?<br>
+
<span style="color:red">'''Q:'''</span> Can't I just generate my PGP keypair on SEASNet lnxsrv?<br>
 
<span style="color:green">'''A:'''</span> NO! You must protect your private key. Generate it on your personal computer running an open source operating system. VMs don't count.
 
<span style="color:green">'''A:'''</span> NO! You must protect your private key. Generate it on your personal computer running an open source operating system. VMs don't count.
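Review bot: the reworded answer to "How do I install GnuPG (gpg)?" still contains no install step, only a pointer to [[Tutoring]] and [[Installfest]]. Add one sentence telling the reader to check with gpg --version and, if it is missing, to install it from the distribution's package manager, so the answer works for someone who cannot attend in person.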
  

Revision as of 22:03, 1 November 2013


Note: This page is for planning a keysigning party hosted by LUG@UCLA.

A keysigning party is an event where people verify each other's PGP keys and strengthen the web of trust.

  • take control of your privacy
  • meet other interesting members of the privacy-aware community
  • pizza

Event information

  • Where: Boelter Hall 4760
  • When: TBA

Instructions

Way before the party

  1. generate your PGP keypair if you haven't already: $ gpg --gen-key
    WARNING: make sure you understand the implications of holding a private key, e.g. do not generate it on a computer you don't own and have full control over.
  2. sync your public key with keyservers: $ gpg --send-keys <your key ID>
    WARNING: this is irreversible. Make sure you are prepared to protect your private key and you are using a very strong passphrase.
  3. figure out your key fingerprint and RSVP:

Right before the party

  1. download the keylist and keylist hash
    $ wget https://linux.ucla.edu/keysigning/keylists/keylist.txt
    $ wget https://linux.ucla.edu/keysigning/keyrings/keylist.txt.sha1
  2. check to see if your key ID is on the list next to your name
  3. personally verify the hash: $ sha1sum --check keylist.txt.sha1
  4. add the hash to the bottom of keylist.txt: $ cat keylist.txt.sha1 >>keylist.txt
  5. print keylist.txt and keep safe
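
The steps above as one script, as an added example that is not part of the original page. It assumes both files are already downloaded into one directory and that the list shows each key ID on the same line as its owner's name (the list format is an assumption, and the function names are hypothetical). It checks the hash before appending it, because step 4 changes keylist.txt and a later sha1sum --check on the modified file fails.

```shell
#!/bin/sh
# Added example, not from the LUG@UCLA page. Function names are hypothetical.
# Usage: sh prepare.sh <dir containing keylist.txt and keylist.txt.sha1> <key ID>

# Step 3: compare the list against the published SHA-1 (same comparison as
# sha1sum --check). If the hash line was already appended (step 4), hash
# only the lines above it.
verify_keylist() {
    list=$1/keylist.txt sum=$1/keylist.txt.sha1
    expected=$(cut -d' ' -f1 "$sum")
    if [ "$(tail -n 1 "$list")" = "$(cat "$sum")" ]; then
        actual=$(sed '$d' "$list" | sha1sum | cut -d' ' -f1)
    else
        actual=$(sha1sum < "$list" | cut -d' ' -f1)
    fi
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Step 2: is the key ID on the list? Case, spaces and a leading 0x are ignored.
key_on_list() {
    want=$(printf '%s' "$2" | tr -d ' ' | sed 's/^0[xX]//' | tr '[:lower:]' '[:upper:]')
    [ -n "$want" ] || return 1
    tr -d ' ' < "$1/keylist.txt" | tr '[:lower:]' '[:upper:]' | grep -qF -- "$want"
}

# Steps 2-4 in a safe order: verify, look up the key, then append the hash once.
prepare_keylist() {
    verify_keylist "$1" || { echo "hash mismatch: do not print this list" >&2; return 1; }
    key_on_list "$1" "$2" || { echo "key $2 is not on the list" >&2; return 2; }
    [ "$(tail -n 1 "$1/keylist.txt")" = "$(cat "$1/keylist.txt.sha1")" ] ||
        cat "$1/keylist.txt.sha1" >> "$1/keylist.txt"
}

if [ "$#" -eq 2 ]; then
    prepare_keylist "$1" "$2"
fi
```
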

During the party

  1. bring the printed copy of keylist.txt
  2. bring one or more forms of ID (e.g. driver's license + Bruin card)
  3. eat pizza

After the party

  1. retrieve your annotated keylist
  2. for every person on the list with two check marks, import that person's key into your local keyring: $ gpg --search-keys "First Last"

FAQ

Q: How do I install GnuPG (gpg)?
A: Most open source operating systems will include GnuPG by default. If GnuPG is not installed, and isn't provided by your operating system vendor, you should seriously consider switching to a better operating system. Come to LUG during Tutoring hours or attend our next Installfest.

Q: Can't I just generate my PGP keypair on SEASNet lnxsrv?
A: NO! You must protect your private key. Generate it on your personal computer running an open source operating system. VMs don't count.

Resources