[wellylug] Meeting next week (GPG Key signing)
Hugh Davenport
hugh at davenport.net.nz
Mon Jun 9 10:20:09 NZST 2014
Hi All,

So far I have no speakers for next week, so if you have something, let
me know.

Otherwise I'll probably do some talk on some security stuff (to keep the
theme).

I'll also run a GPG key signing party. I mentioned this a few months
ago.

Below are some instructions that were sent round my work recently, so
feel free to follow them, or some of these links. If you have any ideas
on how to help people, reply to this, or shout out on the night. If you
are stuck with any of this, bring a laptop or something along.

You will need to bring your key fingerprint (see below), and some ID (I
will be happy with just one form, but some people like to have 2).
[1] https://wiki.debian.org/Keysigning
[2] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
[3] http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
[4] https://wiki.ubuntu.com/KeySigningParty
If you are scared of command lines there's the "Passwords and Keys" bit
of Preferences in Gnome/Unity/whatever, also called Seahorse.
1. Setting up gpg effectively
=============================
Stick these 4 lines in ~/.gnupg/gpg.conf so that you use a nice fast NZ
key server, and don't end up using SHA1 which is bad:

    keyserver hkp://pgp.net.nz
    personal-digest-preferences SHA256
    cert-digest-algo SHA256
    default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
2. If you don't have a PGP key and need to create one
=====================================================
Create a key, then send it to the server:

    gpg --gen-key
    # Enter the following:
    #   1         - key type RSA and RSA (default)
    #   4096      - key size
    #   0         - unless you have reasons, non-expiring key
    #   Your Name - e.g. Harry Potter
    #   Email     - e.g. harry.potter at hogwarts.ac.uk
    #   Comment   - Leave blank, it can mess up some tools/scripts

    gpg --keyserver pgp.net.nz --send-key <KEYID>   # your key here
3. Print off your key fingerprint
=================================
This is the bit we need at the key-signing party. You'll need to print a
bunch of them to give to other people. Take the output from this
command, and paste it into a document so there's a few on a page, then
print it and cut them out into scraps to exchange on the day:

    gpg --fingerprint <KEYID>
There is also a tool called gpg2ps in the keysigning Debian package,
which does basically the same thing.
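
Added example, not part of the original message: a small shell check for after the party, comparing the fingerprint on a paper slip with the fingerprint gpg reports for the key you fetched. The function names and the sample key data are assumptions constructed for illustration; the parsing relies on the "fpr" record of gpg's --with-colons output.

```shell
#!/bin/sh
# Added example: compare a fingerprint read off a paper slip with the
# fingerprint gpg reports for the key in your keyring, before signing it.

# normalize_fpr: strip whitespace and upper-case hex digits, so the
# spaced, lower-case form typed from a slip compares equal to gpg's form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# primary_fpr: read `gpg --with-colons --fingerprint <KEYID>` output on
# stdin and print the primary key's fingerprint (first "fpr" record,
# field 10). Later "fpr" records belong to subkeys and are ignored.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# check_slip SLIP_FPR: colon-format key listing on stdin.
# Returns 0 on match, 1 on mismatch, 2 if the slip is not a full fingerprint.
check_slip() {
    slip=$(normalize_fpr "$1")
    key=$(primary_fpr)
    case "$slip" in
        *[!0-9A-F]*) echo "slip contains non-hex characters"; return 2 ;;
    esac
    # A v4 fingerprint is 40 hex digits; a short or long key ID is not enough.
    [ "${#slip}" -eq 40 ] || { echo "slip is not a 40-digit fingerprint"; return 2; }
    if [ "$slip" = "$key" ]; then
        echo "MATCH $key"
    else
        echo "MISMATCH slip=$slip key=$key"
        return 1
    fi
}

# Constructed sample of colon-format output (not a real key).
SAMPLE='pub:-:4096:1:89ABCDEF01234567:1402272000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1402272000::CONSTRUCTED::Harry Potter <harry.potter@example.org>:
sub:-:4096:1:76543210FEDCBA98:1402272000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Real use (assumes the key is already in your keyring):
#   gpg --with-colons --fingerprint <KEYID> | check_slip "0123 4567 ..."
```

Only sign the key when check_slip reports MATCH and the ID you were shown agrees with the name on the key.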