liz/hacdc-wiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Restructered pre-import

Browse Source
This commit is contained in:
Liz Cray
2024-07-07 13:53:31 -04:00
parent 47996087db
commit cc9e65b5c6
302 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
Old Pages/Electronics/Keysigning.md Executable file
View File

@@ -0,0 +1,96 @@
This page is a resource for keysigning parties @ HacDC.
## Upcoming Parties
Friday, November 13th @ 7:30PM
## Past Parties
September 10th, 2009
- We had about 20 folks and about 10 of whom were productively
keysigning.
## Intro to KeySigning
- You have a private key and a public key, which you generate (your
keypair).
- gpg --gen-key
<!-- -->
- People use your public key to send you encrypted messages that only
you can open via the magic of crypto!
- gpg --output doc.gpg --encrypt --recipient obscurite@hacdc.org doc
<!-- -->
- You decrypt these messages with your private key, which only you have
access to.
- gpg --output doc --decrypt doc.gpg
<!-- -->
- But first, you must share your public key, either directly or by
uploading it to a keyserver.
- gpg --keyserver pgp.mit.edu --send-keys D34DB33F
<!-- -->
- If it's on a keyserver, they must download it from the keyserver.
- gpg --keyserver pgp.mit.edu --recv-key D34DB33F
<!-- -->
- If it was a file (called obscurite.gpg for example), they can import
it manually.
- gpg --import obscurite.gpg
<!-- -->
- Now they can sign the key and send the key back to the keyserver.
- gpg --sign-key D34DB33F
<!-- -->
- But before anyone signs anyone elses key they have to make sure that
person actually owns that key (checking physical ID).
- Minimum recommendation is state photo ID + secondary photo ID
(school, employer)
<!-- -->
- You can see who has signed someone's public key. If their key has been
signed by someone in your web of trust, then that person is in your
web of trust as well.
- gpg --list-sigs D34DB33f
<!-- -->
- Don't forget to generate a revokation certificate for your public key
in case you lose your passphrase or your key is compromised!
- gpg --gen-revoke
## DETAILS
- Obscurite generally uses the pgp.mit.edu keyserver, but
keyserver.ubuntu.com is well liked and they do sync regularly, so it
doesn't especially matter which one you use, except that pgp.mit.edu
has a nice web search interface.
- I will pass around copies of signatures so you can check people off as
you confirm their identity
- I recommend using a valid state photo ID as a minimum validation. It
is up to your personal "keysigning policy."
## Links
- [Keysigning
commands](http://commandline.org.uk/command-line/ten-steps-for-attending-a-keysigning-party/)
- [Keysigning
HOWTO](http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#overview)
- [Perl script to generate keyring
list](http://cryptnet.net/fdp/crypto/keysigning_party/en/extra/party-table.pl)
- [Checking the integrity of the installer, even without GPG already
installed](http://www.gnupg.org/download/integrity_check.en.html)
[Category:Previous_Projects](Category:Previous_Projects "wikilink")