[aclug-L] PGP Key Signing announcement
As a followup to our last meeting on PGP, at the Oct 11 meeting, we will
be doing a PGP public key exchange. Participation is entirely voluntary,
and it's not even essential that you participate this week. Key exchanges
can be done at any time--we'll just be doing a "large" one this week, as a
matter of convenience.
Here I will briefly describe what you need to do before coming to the
meeting, and what to do AT the meeting, if you wish to participate.
Before coming to the meeting:
1. Create your own PGP key pair, as described at the last meeting or
as described in the PGP documentation.
2. Sign your own public key. Do this with the following command:
    pgp -ks <Your user ID>
3. Export your public key to a file. Do this with the following
command:
    pgp -kxa <Your user ID> <name>.asc
It is a good idea here to name the file with a unique filename. I
might call mine jonhall.asc, for instance. The name is not
important, except to avoid confusion when exchanging several keys.
We don't want three people bringing a file called john.asc, for
instance.
4. Copy your exported key (the .asc file) to a floppy disk. You
should bring a DOS (FAT) formatted floppy disk.
    mcopy <name>.asc a:
5. Determine your own PGP Key Fingerprint ID with the following
command:
    pgp -kv <Your user ID>
This will give output such as:
    Type Bits/KeyID    Date       User ID
    pub  2047/FE00FD51 1997/08/10 Jonathan Hall <jonhall@xxxxxxxxxxxx>
Copy down the KeyID (in this case, "FE00FD51").
6. Bring your floppy disk with .asc file, bring a hard copy of your
KeyID, bring a piece of paper and pen, and bring your own photo ID.
At the meeting, we will follow this procedure for the key exchange:
1. Give your floppy disk to Clint who will presumably have his laptop
along for playing games when he should be fearlessly leading us.
2. Individually, with everyone else exchanging keys, get the person's
key ID from them and write it down. Make sure you get it
directly from the person who the Key ID belongs to. Verify each
person's identity by looking at their photo ID and comparing their
name to the name associated with the KeyID. On your piece of paper
you should probably write down something like this for each person
who you get a key from:
    Name             KeyID
    -------------    -----------
    Jonathan Hall    FE 00 FD 51
3. Clint will, whether he wants to or not, copy everyone's keys to
everyone's disks, so when you leave, you'll have a floppy disk
with quite a number of PGP keys on it.
When you get home:
1. Copy the contents of the floppy disk to your hard drive--possibly
into a separate directory:
    mkdir pgptmp
    mcopy a:*.asc pgptmp
2. Import each of the files into your PGP keyring, one at a time:
    pgp pgptmp/<name>.asc
When asked if you are absolutely sure that the key belongs to the
person it claims to belong to, cross reference the Key ID of the
key to the KeyID you wrote down when you verified the Key ID and
photo ID with the person at the meeting. If they match exactly, go
ahead and authorize the key. If they do not match, even if
they're off just by one letter/number, do NOT authorize the key.
Instead, contact the person again in person, get their
fingerprint, verify their identity, and have them give you their key
again--either by floppy or through e-mail, etc.
3. Once you have imported all of the keys, you are ready to sign them.
IMPORTANT: ONLY SIGN KEYS FOR PEOPLE WHOSE IDENTITY YOU VERIFIED IN
PERSON!!! Even if you got a key from your best friend from their
e-mail address, do not sign it!! You MUST get their key from them
IN PERSON, and verify their identity as described above. If you
have not done this, you can use their key, but DO NOT SIGN IT!!!
To sign a key that you have verified with photo ID, use the
following command:
    pgp -ks <Their User ID>
You can sign keys as you import them if you wish, or you can import
them all and sign them later. Either way, it is ESSENTIAL that you
verify a person's true identity with a photo ID before you sign
their key.
4. Export the signed keys with the following command:
    pgp -kxa <Their User ID> <name>.asc
You probably want to use their name or a form of their name for the
filename--same as when you exported your key before attending the
meeting.
5. Return the exported key (the .asc file) to the owner. E-mail is
probably the simplest way. You could also bring it on a floppy
disk to the next meeting if you wish.
6. Then, when they receive the signed key from you (or when you
receive your own signed key from someone else), add that signature
to your own keyring with this command:
    pgp <file>.asc
PGP will realize that it's your own public key, and that there's a
new signature on it, and it will ask you if you wish to import the
new one.
7. Then, once you've imported the new signature, you will want to
re-export your own key before you distribute it again, so that the
key reflects the new signature(s). Use this command, exactly as
before:
    pgp -kxa <Your User ID>
That should be all for now. We'll go over the procedure again at the
meeting, so don't fret if you don't understand it all. The important
thing now is to be sure you bring the appropriate things to the meeting:
- Your public key on a floppy disk
- A hard copy of your Key ID
- A paper
- A pen (don't bring a pencil--that can easily be altered)
- A photo ID of yourself
If you've got questions, call Radio Shack--they have answers. :-)
(Or ask on the list--I might be able to help, too)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jonathan Hall * jonhall@xxxxxxxxxxxx * PGP public key available
Systems Admin, Future Internet Services; Goessel, KS * (316) 367-2487
http://www.futureks.net * PGP Key ID: FE 00 FD 51
-= Running Debian GNU/Linux 2.0, kernel 2.0.36 =-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
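
Added example, not part of the original post: a small shell helper for the "when you get home" cross-check, comparing the KeyID written on paper with the KeyID that `pgp -kv` reports for an imported key. The function names are hypothetical; the first sample line is the one shown in the post and the altered one is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): compare the KeyID written down
# at the meeting with the KeyID that `pgp -kv` reports for an imported key.

# Canonical form: hex digits only, upper case ("fe 00 fd 51" -> "FE00FD51").
normalize_id() {
    printf '%s' "$1" | tr -d ' \t-' | tr 'abcdef' 'ABCDEF'
}

# Read `pgp -kv` output on stdin and print the KeyID of each "pub" line.
# The second field looks like "2047/FE00FD51": bits, slash, KeyID.
keyids_from_kv() {
    awk '$1 == "pub" && $2 ~ /\// { split($2, f, "/"); print f[2] }'
}

# check_key WRITTEN_ID KV_OUTPUT
# Returns 0 only on an exact match, 1 on mismatch, 2 on unusable input.
check_key() {
    want=$(normalize_id "$1")
    case "$want" in
        ''|*[!0-9A-F]*) echo "BAD INPUT: '$1' is not a hex KeyID"; return 2 ;;
    esac
    got=$(printf '%s\n' "$2" | keyids_from_kv)
    count=$(printf '%s\n' "$got" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        # Zero or several keys in one file: check each key separately.
        echo "AMBIGUOUS: expected one pub line, found $count"; return 2
    fi
    if [ "$want" = "$(normalize_id "$got")" ]; then
        echo "OK: $want"; return 0
    fi
    echo "MISMATCH: paper says $want, file says $got; do not sign"
    return 1
}

# Sample `pgp -kv` output from the post; the altered KeyID below is constructed.
good='Type Bits/KeyID    Date       User ID
pub  2047/FE00FD51 1997/08/10 Jonathan Hall <jonhall@xxxxxxxxxxxx>'
bad='pub  2047/FE00FD57 1997/08/10 Jonathan Hall <jonhall@xxxxxxxxxxxx>'

check_key "FE 00 FD 51" "$good"
check_key "FE 00 FD 51" "$bad" || true
```

In real use the second argument would be the captured output of `pgp -kv <Their User ID>` for the key just imported.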