[clue-talk] GnuPG/PGP key signing party

Michael Fierro miguelito at biffster.org
Fri Jun 29 16:02:02 MDT 2007


On Fri, Jun 29, 2007 at 01:55:11PM -0700, rex evans wrote:

> I thought I had a general idea of what PGP was.
> After googling for "PGP key signing party" and
> reading this article 
> http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
> for a few minutes, I decided it was very complex.

It really isn't that complex, but there are layers to it. An Ogre is like an
onion, after all. :)

PGP/GnuPG operate on the idea of using a public key. You can find my public
key on a number of public keyservers. But how do you know for certain that
the key you get is actually *MY* public key? That's where the idea of Trust
and Signing comes in.

If you and I meet somewhere, and I tell you, "Hey, Rex, I am definitely
Michael Fierro, this is definitely my key, and this is the key's fingerprint,"
then you know that my public key is actually my public key. You can then
designate my key as Trusted in PGP/GnuPG. You can also Sign it with your key.

Going down another layer, there's the idea of sharing trust. Continuing the
example up above: we meet, and we verify each other's keys. While we do so,
you notice that I *never* trust a key unless I actually meet the person and
verify their key. So you decide that you can trust me to verify someone's
identity before I sign a key. Now say you find a public key that is
theoretically Collins Richey's. You don't know for certain whether it is
Collins's or not. But you see that I have signed the key. Since you trust me,
you then trust that, since I signed the key, I verified it is Collins' key.

Hmmm... Yeah, I guess that does sound kinda complex. Maybe I went in too many
layers! :D

Let me back up one layer: the main function of a key-signing party is to
verify the identity of others, so you know that you have the correct public
key for that person. 

-- 
Michael Fierro                                  miguelito at biffster.org
Y! Messenger: miguelito_fierro                           AIM: mfierro1
http://biffster.org                           http://weightjournal.com
--
"Thank you, Brigadier. But do you think for once in your life you 
could manage to arrive BEFORE the nick of time?"
     - Doctor Who
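
Added example, not part of the original message: a simplified Python model of the trust-sharing idea described above, where a key counts as valid only if you checked it in person or it was signed by someone whose key is valid and whom you trust to verify identities. This is not GnuPG's actual algorithm; the function name, the `max_depth` parameter and the sample graph (including "dana", "erin" and "mallory") are constructed for illustration.

```python
# Simplified web-of-trust model (added example; not GnuPG's real algorithm).
# All names and the signature graph below are constructed for illustration.

def valid_keys(verified, introducers, signatures, max_depth=5):
    """Return {key: chain_length} for every key you can treat as valid.

    verified    -- keys whose fingerprint you checked in person (length 0)
    introducers -- owners you trust to verify identity before signing
    signatures  -- {key: set of keys that have signed it}
    max_depth   -- longest chain of introducers you accept (assumed limit)
    """
    depth = {key: 0 for key in verified}
    changed = True
    while changed:                      # repeat until no new key becomes valid
        changed = False
        for key, signers in signatures.items():
            for signer in signers:
                # A signature counts only if the signer's own key is valid
                # AND you trust the signer as an introducer.
                if signer in depth and signer in introducers:
                    d = depth[signer] + 1
                    if d <= max_depth and d < depth.get(key, max_depth + 1):
                        depth[key] = d
                        changed = True
    return depth


# Constructed sample: Rex met Michael and checked his fingerprint.
VERIFIED = {"michael"}
INTRODUCERS = {"michael"}               # Rex trusts Michael's signing habits
SIGNATURES = {
    "collins": {"michael"},             # signed by a trusted, valid key
    "dana": {"collins"},                # Collins is valid but not an introducer
    "erin": {"mallory"},                # Mallory's key was never validated
}

if __name__ == "__main__":
    for key, d in sorted(valid_keys(VERIFIED, INTRODUCERS, SIGNATURES).items()):
        print(f"{key}: valid, chain length {d}")
```

Only "michael" and "collins" come out valid here: a signature from a key you have not validated, or from an owner you do not trust as an introducer, adds nothing.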