[clue-tech] Some thoughts about GnuPG (installfest hotwash).
David L. Anselmi
anselmi at anselmi.us
Sat Sep 18 22:34:02 MDT 2010
Here's a summary of SFD. I still plan to post on what I did to make my key (for "extra security"),
and also how I used my "extra secure" key to do the signing.
We had a good turnout for SFD/installfest. There were around 16 people--not a record but not too
shabby. Although a few people got some real work done I counted 10 that participated in the key
signing.
We spent a while walking through creating keys for those who didn't have them. Unfortunately there
was a lot of jumping back and forth between web pages that had the high level steps vs. those with
the low level steps so I can't send a link to what exactly we did. I'll try to put all my notes
together so we have them in the future (I should get a blog for that sort of thing).
David L. Anselmi wrote:
> * Now follow the steps at this link. When you get to the part about uploading keys, use the command:
>
> gpg --keyserver pgp.mit.edu --send-keys<key id>
>
> http://commandline.org.uk/command-line/ten-steps-for-attending-a-keysigning-party/
Several people have already uploaded their signatures, so you can see them on your keys. To update
your keyring with the latest, do:
gpg --keyserver pgp.mit.edu --refresh-keys
and that will get the latest sigs for all keys on your keyring. If you only care about your key you
can put the id at the end of the command.
You can see the sigs on a key with:
gpg --list-sigs <id>
Finally, I've signed all the keys I got fingerprints for but rather than upload them I'm going to
add a step to set the example of what can be done (the Debian signing parties work this way).
I'm going to use the caff program (from Debian's signing-party package) to encrypt and email the
sigs I made to each key's email address. Then the owner will have to decrypt the sig, import it,
and upload it.
That will prove that the email address and private key are accessible by the same person.
Dave
More information about the clue-tech
mailing list