Difference between pages "User:Daniel sobey" and "Key signing"

From LCA2014 Delegate Wiki
(Difference between pages)
Jump to: navigation, search
(Daniel Sobey)
 
 
Line 1: Line 1:
 +
= Key signing party =
 +
We should have a key signing party, up for suggestions on where and when and what format
  
I'm just a linux geek from South Australia.
 
I work for Blue Crystal Solutions as a database administrator.
 
  
  
 +
== Before the event ==
  
 +
You need a gpg key to start, create one now!
 +
You might as well make it with as big a key size as possible.
 +
<pre>gpg --gen-key
 +
gpg --list-secret-keys
 +
gpg --fingerprint FA9EC035</pre>
  
== Gpg fingerprints ==
+
== Submitting your key ==
'''Old key, will expire soon'''
+
<pre>sec  1024D/93460D15 2008-08-02 [expires: 2014-02-28]
+
uid                  Danel Sobey (dns) <dns_server@yahoo.com>
+
uid                  Daniel Sobey <dns@dns.id.au>
+
uid                  Daniel Sobey <dns_server@yahoo.com>
+
ssb  2048g/27522DED 2008-08-02
+
ssb  4096R/8978FD55 2009-09-04
+
ssb  4096R/59459AEA 2010-12-18
+
ssb  4096R/C48B056B 2011-03-21
+
ssb  4096R/B1AAA9C9 2013-02-17
+
ssb  4096R/A0CE2052 2013-02-17</pre>
+
'''new key'''
+
<pre>sec  4096R/FA9EC035 2012-03-23 [expires: 2015-03-23]
+
uid                  Daniel Sobey (dns) <dns@dns.id.au>
+
uid                  [jpeg image of size 3522]
+
ssb  4096R/791A637E 2012-03-23</pre>
+
  
 +
Currently nothing has been decided, please add suggestions below.
 +
* create a wiki page containing your fingerprints
 +
** [[https://lca2014.linux.org.au/wiki/User:Daniel_sobey Daniel Sobey]]
 +
* Some other tool, edit this page and we may use it
  
'''new key'''
+
== At the event ==
<pre>sec  4096R/7E706939 2012-07-04 [expires: 2015-01-30]
+
We will need someone to collate the keys and print them out.
uid                  Daniel Sobey (my new key 20120704) <dns@dns.id.au>
+
Please let us know how many we should print and where to print them.
uid                  Daniel Sobey (My old yahoo address) <dns_server@yahoo.com>
+
uid                  [jpeg image of size 3296]
+
ssb  4096R/B26D9553 2012-07-04
+
ssb  4096g/019B5E2F 2013-12-12</pre>
+
  
'''this key is stored on android, so probably ok as long as you trust android'''
+
What we did last year was go to a lecture theatre with a projector.
<pre>sec  4096R/2EC08895 2013-09-21
+
Each person stands up, shows their photo id and read their fingerprint aloud.
uid                  Daniel Sobey (Android key (limited trust)) <dns@dns.id.au>
+
printouts of everyone's fingerprints were provided so you can tick off as you go
ssb  4096R/F0171431 2013-09-21</pre>
+
This worked ok but took a long time to get through everyone.
 +
 
 +
== Ad hoc Signing ==
 +
 
 +
Put your fingerprint on a piece of paper and hand it out to people.
 +
No need to do it formally just swap as you meet.
 +
 
 +
Things to watch out for:
 +
* does it match thair name
 +
* Does the person have a key with that fingerprint, do the numbers match.
 +
* know that anyone can generate a key and claim an email address
 +
* if someone can be bothered they can keep trying to generate a key with the first 8 digits the same as another key but getting the whole fingerprint is nearly impossible

Revision as of 21:42, 31 December 2013

Contents

Key signing party

We should have a key signing party, up for suggestions on where and when and what format


Before the event

You need a gpg key to start, create one now! You might as well make it with as big a key size as possible.

gpg --gen-key
gpg --list-secret-keys
gpg --fingerprint FA9EC035

Submitting your key

Currently nothing has been decided, please add suggestions below.

  • create a wiki page containing your fingerprints
  • Some other tool, edit this page and we may use it

At the event

We will need someone to collate the keys and print them out. Please let us know how many we should print and where to print them.

What we did last year was go to a lecture theatre with a projector. Each person stands up, shows their photo id and read their fingerprint aloud. printouts of everyone's fingerprints were provided so you can tick off as you go This worked ok but took a long time to get through everyone.

Ad hoc Signing

Put your fingerprint on a piece of paper and hand it out to people. No need to do it formally just swap as you meet.

Things to watch out for:

  • does it match thair name
  • Does the person have a key with that fingerprint, do the numbers match.
  • know that anyone can generate a key and claim an email address
  • if someone can be bothered they can keep trying to generate a key with the first 8 digits the same as another key but getting the whole fingerprint is nearly impossible