January 2006 Sprint Key Signing

Since I think all of the remote people will be at the January Sprints, this is the perfect time to have a Key Signing Party.

Building a strong "web of trust" is key to the workings of PGP because key signings validate a public key. You can feel better trusting a key that has been signed by twenty people over a key that has been signed by only a few.

All you need to do to participate in the Key Signing Party is to have and/or do the following:

• Have a PGP Key Pair - see below for information on creating one if you don't have one
• Add your PGP Key info to the Key List below
• Show up with your Key info and ID (since we all know each other the ID portion should be rather easy)

Note: It is not required, and in fact is discouraged, to bring a laptop to the Key Signing Party. The purpose of the meeting is to verify face-to-face the other person and their Key info with the actual key signing done by you later.

I'll have printouts of the Key List below so you can verify each key and the person's ID and also bring a printed copy of your Key Fingerprint. Then you can verify each person on your list with their Fingerprint and they will do the same.

Key List

Generating a Key Pair

Read Section 3.5 of the GnuPG Keysigning Party HOWTO for a detailed breakdown of steps.

Useful Resource about PGP, Keys and Key Signing Parties

All of these links were pulled from a great HOWTO page: GnuPG Keysigning Party HOWTO

• GnuPG FAQ
• GnuPG Handbook
• GnuPG Mini Howto (English)
• comp.security.pgp FAQ
• Strong Distribution HOWTO
• Guerrilla Software Development HOWTO
• PGP Compromise HOWTO
• Cryptography Dictionary

Mail application resources:

• Enigmail extension for Thunderbird
• MacGPG
• GPG plugin for Mail.app