[NBLUG/Announce] GPG Key Signing Party!

augie schwer at sonic.net
Sat Mar 1 11:52:00 PST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<http://nblug.org/augie/gpg/gpg-announce.html>

WHAT: GnuPG Key Signing Party.

WHERE: O'Reilly and Associates, Sebastopol
       http://nblug.org/directions.cgi
       http://ora.com/oreilly/seb_directions.html

WHEN: After the general meeting.

WHY: A key signing party properly facilitates the signing of your
GnuPG public key by other GnuPG users. Having your public key signed
increases the "web of trust" for everyone, and brings more validity to
your key, as it represents your identity.

What to bring?

1. Your self (physical attendance is mandatory)
2. Picture ID
3. Your Key ID, Key type, HEX fingerprint, and Key size
   (probably just make a print out from your keyring...unless
   you've got all this memorized ;) )
4. Something to write with
5. NO computer!

How does it work?

1. Before the party generate a key pair, and either upload your
   public key to a public key server such as www.keyserver.net, or be
   prepared to tell people from where they can access your public key on
   the internet.
2. Email your public key to the coordinator: augie at nblug.org
3. The coordinator prints a list with everyone's key ID, key type,
   fingerprint, and key size from the compiled keys and distributes
   copies of the printout at the meeting.
4. Bring along a paper copy of your key ID, key type, fingerprint,
   and key size that you obtained from your own keyring. Also bring a
   photo ID.
5. You will be making two marks on the listing, one for correct key
   information (key ID, key type, fingerprint, and key size) and one if
   the ID check is ok.
6. Now mingle. The point is to meet as many people, and get as many
   signatures as you can.
7. When you meet someone read your key ID, key type, fingerprint,
   key size, and user ID from your own printout, not from the distributed
   listing. This is because there could be an error, intended or not, on
   the listing. This is also the time to confirm ID information. If the
   key information matches your printout then place a check-mark by the
   key on your own distributed list, and if the ID appears to be valid
   place another check-mark on your own distributed list.
8. That's it! When you get home, take a look at your list, any keys
   on your list with TWO check-marks are valid keys, and you may download
   that key from the keyserver or from another location that the key
   owner has specified. Sign that key and upload it back to the server
   you got it from, or email it back to its owner.


Links
http://www.nblug.org/augie/gpg - shameless self promotion
http://www.mandrakesecure.net/en/docs/gpg.php - good brief
introduction into GnuPG
http://www.gnupg.org/gph/en/manual.html - more indepth information 


- -- 
irc.nblug.org #nblug
registered linux user #229905
gpg public key: http://www.sonic.net/schwer/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE  2AC3 CB99 2784 27B0 C072

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YPcNy5knhCewwHIRAu4EAJ99m0PVjYsUd21e5s39LHcCU/5sPgCfW+HE
/LTIvViOQ6QBFPvKdACNwSk=
=tlQP
-----END PGP SIGNATURE-----



More information about the announce mailing list