[NBLUG/Announce] GPG Key Signing Party!

augie augie at schwer.us
Tue Sep 2 23:45:01 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<http://nblug.org/augie/gpg/gpg-announce.html>

WHAT: GnuPG Key Signing Party.

WHERE: O'Reilly and Associates, Sebastopol
       http://nblug.org/location.shtml
       http://ora.com/oreilly/seb_directions.html

WHEN: After the general meeting.

WHY: A key signing party properly facilitates the signing of your
GnuPG public key by other GnuPG users. Having your public key signed
increases the "web of trust" for everyone, and brings more validity to
your key, as it represents your identity.

What to bring?

1. Your self (physical attendance is mandatory)
2. Picture ID
3. Your Key ID, Key type, HEX fingerprint, and Key size
   (probably just make a print out from your keyring...unless
   you've got all this memorized ;) )
4. Something to write with
5. NO computer!

How does it work?

1. Before the party generate a key pair, and either upload your
   public key to a public key server such as www.keyserver.net, or be
   prepared to tell people from where they can access your public key on
   the internet.
2. Email your public key to the coordinator: augie at nblug.org
3. The coordinator prints a list with everyone's key ID, key type,
   fingerprint, and key size from the compiled keys and distributes
   copies of the printout at the meeting.
4. Bring along a paper copy of your key ID, key type, fingerprint,
   and key size that you obtained from your own keyring. Also bring a
   photo ID.
5. You will be making two marks on the listing, one for correct key
   information (key ID, key type, fingerprint, and key size) and one if
   the ID check is ok.
6. Now mingle. The point is to meet as many people, and get as many
   signatures as you can.
7. When you meet someone read your key ID, key type, fingerprint,
   key size, and user ID from your own printout, not from the
   distributed listing. This is because there could be an error,
   intended or not, on the listing. This is also the time to confirm ID
   information. If the key information matches your printout then place
   a check-mark by the key on your own distributed list, and if the ID
   appears to be valid place another check-mark on your own distributed
   list.
8. That's it! When you get home, take a look at your list, any keys
   on your list with TWO check-marks are valid keys, and you may
   download that key from the keyserver or from another location that
   the key owner has specified. Sign that key and upload it back to the
   server you got it from, or email it back to its owner.


Links:

http://www.nblug.org/augie/gpg - shameless self promotion
http://www.mandrakesecure.net/en/docs/gpg.php - good brief
introduction into GnuPG
http://www.gnupg.org/gph/en/manual.html - more in depth information

augie.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/VXwdy5knhCewwHIRAoXxAJ0UWXdgSdCXZg4cady0ARx/2MFZLQCgucf5
95hXN1i9KUomh5l4USvls2I=
=JCBe
-----END PGP SIGNATURE-----




More information about the announce mailing list