[wellylug] Meeting next week (GPG Key signing)

hugh at davenport.net.nz hugh at davenport.net.nz
Mon Jun 16 08:40:34 NZST 2014


Well, after all the excitement on the mailing list this weekend,
I'm looking forward to tonight. For the talk I'll give a "State of Encryption"
style talk, given the recent news about TrueCrypt, and some ideas floating
round my head.

Details are:
6pm, Lvl3 Catalyst House, 150 Willis St, TONIGHT!

I've created a new keypair for myself (as I wanted to up the keysize of
my old key). The following are the options I put in my gpg.conf (gotten from [1])

keyserver hkp://pgp.net.nz
fixed-list-mode
keyid-format 0xlong
with-fingerprint
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity

Slightly better than my earlier email, as it uses the SHA512 alg over SHA256 alg.
I also made my keysize 4096 instead of default 2048, and I added a separate subkey
for signing, but that may be over some of your heads.

I used the gpg-key2ps package to generate a ps file (open with evince) to print
out for the signing tonight. So best if you do the same, and bring that along.

If you are completely stuck, just bring a laptop and we can help you get set up
there (less secure, but gets you started).

Look forward to seeing you there. If anyone else has something to talk about
there will be time as well as my discussion.

Cheers,

Hugh

[1] https://help.riseup.net/en/security/message-security/openpgp/gpg-best-practices

On 2014-06-13 09:44, Hugh Davenport wrote:
> June sounds right :-)
> 
> On 13 June 2014 9:29:33 am NZST, cryptopartyaotearoa at riseup.net wrote:
> 
>> 16th June maybe?
>> 
>> i just wanted to add that TrueCrypt, which was promoted at the CryptoParty
>> recently, is no longer secure: http://truecrypt.sourceforge.net/ [1]
>> 
>> cheers
>> 
>> As usual, I forgot the details
>> 
>> Monday 16th May, 6pm, Level 3 Catalyst house (doors lock at 6, so arrive
>> slightly early).
>> 
>> On 2014-06-09 10:20, Hugh Davenport wrote:
>> Hi All,
>> 
>> So far I have no speakers for next week, so if you have something, let
>> me know.
>> Otherwise I'll probably do some talk on some security stuff (to keep
>> the theme).
>> 
>> I'll also run a GPG key signing party. I mentioned this a few months
>> ago.
>> 
>> Below are some instructions that were sent round my work recently, so feel
>> free to follow them, or some of these links. If you have any ideas on how to
>> help people, reply to this, or shout out on the night. If you are stuck with
>> any of this, bring a laptop or something along.
>> 
>> You will need to bring your key fingerprint (see below), and some ID (I will
>> be happy with just one form, but some people like to have 2).
>> 
>> [1] https://wiki.debian.org/Keysigning [2]
>> [2] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices [3]
>> [3] http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html [4]
>> [4] https://wiki.ubuntu.com/KeySigningParty [5]
>> 
>> If you are scared of command lines there's the "Passwords and Keys" bit
>> of Preferences in Gnome/Unity/whatever, also called Seahorse.
>> 
>> 1. Setting up gpg effectively
>> =============================
>> 
>> Stick these 4 lines in ~/.gnupg/gpg.conf so that you use a nice fast NZ
>> key server, and don't end up using SHA1 which is bad:
>> 
>> keyserver hkp://pgp.net.nz
>> personal-digest-preferences SHA256
>> cert-digest-algo SHA256
>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>> 
>> 2. If you don't have a PGP key and need to create one
>> -------------------------
>> 
>> Create a key, then send it to the server:
>> 
>> gpg --gen-key
>> 
>> # Enter the following:
>> # 1 - key type RSA and RSA (default)
>> # 4096 - key size
>> # 0 - unless you have reasons, non-expiring key
>> # Your Name - e.g. Harry Potter
>> # Email - e.g. harry.potter at hogwarts.ac.uk
>> # Comment - Leave blank, it can mess up some tools/scripts
>> 
>> gpg --keyserver pgp.net.nz --send-key <KEYID> # your key here
>> 
>> 3. Print off your key fingerprint
>> -------------------------
>> 
>> This is the bit we need at the key-signing party. You'll need to print a
>> bunch of them to give to other people. Take the output from this
>> command, and paste it into a document so there's a few on a page, then
>> print it and cut them out into scraps to exchange on the day:
>> 
>> gpg --fingerprint <KEYID>
>> 
>> There is also a tool called gpg2ps in the keysigning Debian package,
>> which does basically the same thing.
>> 
>> --
>> Wellington Linux Users Group Mailing List:
>> wellylug at lists.wellylug.org.nz
>> To Leave: http://lists.wellylug.org.nz/mailman/listinfo/wellylug [7]
> 
>  --
>  Sent from my Android device with K-9 Mail. Please excuse my brevity.
> 
> Links:
> ------
> [1] http://truecrypt.sourceforge.net
> [2] https://wiki.debian.org/Keysigning
> [3] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
> [4] http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
> [5] https://wiki.ubuntu.com/KeySigningParty
> [6] http://pgp.net.nz
> [7] http://lists.wellylug.org.nz/mailman/listinfo/wellylug
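
A small linter for the digest options in the gpg.conf snippets above, as an added example that is not part of the original message or of GnuPG; the function names, the wording of the findings and the BAD sample are constructed for illustration. It also flags a preference list that a mail client has wrapped onto a second line, which a line-based parser reads as a separate option.

```python
# Added example: lint a gpg.conf for the digest options discussed in this thread.
WEAK = {"MD5", "SHA1"}  # SHA1 is the digest the thread avoids; MD5 is weaker still
DIGESTS = WEAK | {"SHA224", "SHA256", "SHA384", "SHA512"}
ALGO_WORDS = DIGESTS | {"AES", "AES192", "AES256", "CAST5",
                        "ZLIB", "BZIP2", "ZIP", "UNCOMPRESSED"}
DIGEST_OPTS = ("personal-digest-preferences", "cert-digest-algo")

def parse(text):
    """Yield (line_no, option, args); blank lines and '#' comment lines are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if words and not words[0].startswith("#"):
            yield n, words[0], [w.upper() for w in words[1:]]

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, seen = [], set()
    for n, name, args in parse(text):
        seen.add(name)
        digests = [a for a in args if a in DIGESTS]
        if name.upper() in ALGO_WORDS:
            # An algorithm name where an option should be: a long list got wrapped.
            findings.append(f"line {n}: '{name}' looks like a wrapped continuation")
        elif name in DIGEST_OPTS and digests and digests[0] in WEAK:
            findings.append(f"line {n}: {name} prefers weak digest {digests[0]}")
        elif name == "default-preference-list" and digests and digests[0] in WEAK:
            findings.append(f"line {n}: preference list ranks {digests[0]} first")
    for opt in DIGEST_OPTS:
        if opt not in seen:
            findings.append(f"{opt} is not set, so gpg's built-in default applies")
    return findings

# Digest-related lines of the newer configuration in the message.
NEWER = """\
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
"""
# Constructed bad input: SHA1 ranked first, cert-digest-algo missing, list wrapped.
BAD = """\
personal-digest-preferences SHA1 SHA256
default-preference-list SHA1 SHA256 AES256 AES
CAST5 ZLIB BZIP2 ZIP Uncompressed
"""

if __name__ == "__main__":
    for label, conf in (("newer", NEWER), ("bad", BAD)):
        print(label, audit(conf) or "nothing flagged")
```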


