Difference between revisions of "Formal Keysigning"

From SOBAC Wiki
Jump to navigation Jump to search
(→‎ToDo for the Participants: Oops. Removed duplicate headings)
(Added steps to keysigning procedure)
Line 28: Line 28:
 
= Preparations before the Keysigning Party =
 
= Preparations before the Keysigning Party =
 
== ToDo for the KeyMaster ==
 
== ToDo for the KeyMaster ==
# Create a keysigning keyring, make it publicly available. This keyring will contain the public keys of the keysiging participants.
+
# Create a '''Keysigning Keyring''', make it publicly available. This keyring will contain the public keys of the keysiging participants.
 
# Collect the public keys that people send to you in encrypted, signed e-mail.
 
# Collect the public keys that people send to you in encrypted, signed e-mail.
# Immediately before the keysigning create a printout of all the KeyIDs, UserIDs and fingerprints in the keyring. Make sufficient copies for all participants. (you could send that printout to all participants in an encrypted, signed e-mail, or participants can download the keyring and print their own).  
+
# Immediately before the keysigning create a '''Printout''' of all the KeyIDs, UserIDs and fingerprints in the keyring. Make sufficient copies for all participants.  
 +
#* The Keymaster could send that printout to all participants in an encrypted, signed e-mail, or participants can download the keyring and print their own
 +
#* The Keymaster should be the first person on the list.  Document editing might be necessary.
 
#* Create the printout with:<BR><pre>gpg --no-default-keyring --keyring=./kwlug-keysigning-ring-2013-12-02.asc --fingerprints</pre> <span style="background:yellow;">Note to editor: Verify this syntax! --Bob.</span>
 
#* Create the printout with:<BR><pre>gpg --no-default-keyring --keyring=./kwlug-keysigning-ring-2013-12-02.asc --fingerprints</pre> <span style="background:yellow;">Note to editor: Verify this syntax! --Bob.</span>
  
 
== ToDo for the Participants ==
 
== ToDo for the Participants ==
# Add your key to the keysigning keyring
+
# Add your key to the '''Keysigning Keyring'''
## Get a copy of the keysigning keyring (Either download it, or request that the KeyMaster e-mails it to you)
+
## Export your Public Key with <BR> <pre> gpg --export 0xYOURKEYID &gt; MyPublicKey.pgp</pre>
## Add your public key to the keysigning keyring<BR>  <pre> '''command line for adding your public key to the keyring goes here'''</pre>
+
## Get a copy of the '''Keysigning Keyring''' (Either download it, or request that the KeyMaster e-mails it to you)
 +
## Add your public key to the '''Keysigning Keyring'''<BR>  <pre> gpg --keyring</pre>
 
## Submit the updated keysiging keyring (Either upload it, or e-mail it to the KeyMaster)
 
## Submit the updated keysiging keyring (Either upload it, or e-mail it to the KeyMaster)
 
# OR E-mail your public key to the keymaster, let him do the work.
 
# OR E-mail your public key to the keymaster, let him do the work.
  
 
= At the Keysigning Party =  
 
= At the Keysigning Party =  
# ...
+
# Keymaster distributes the '''Printout'''
 +
# First person on the '''Printout'''
 
# ...
 
# ...
 
# formal declarations and introductions like this:
 
# formal declarations and introductions like this:
 
<pre>
 
<pre>
  Bob: "I'm Bob Jonkman, and my keyID is Delta Two Charlie Charlie Echo
+
  Bob: "I'm Bob Jonkman, and my GnuPG fingerprint is  
       Five Echo Alpha"
+
       04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA"
  
 
  Andrew: "I've known Bob since the early days, and that's really him"
 
  Andrew: "I've known Bob since the early days, and that's really him"

Revision as of 04:26, 24 November 2013

  • I'm running a formal keysigning after my presentation at KWLUG on Monday, 2 December 2013. These are the steps for both the keymaster (me) and the people attending. Feel free to make changes or additions as you see necessary. You may find some useful information in the Guidelines for Key Signing Parties.
BobJonkman 05:42, 9 October 2013 (UTC)
If you'd like to participate in the keysigning you can either:
  1. send me encrypted, signed e-mail with your public key attached
  2. Download the keyring, add your public key, then upload it to the KWCrypto ownCloud.
BobJonkman 01:12, 26 October 2013 (UTC)

This is a work in progress -- You can help create a definitive procedure for a Formal Keysigning: Login and edit this page.

Purpose

A keysigning is not meant to establish your absolute, one true, Real Name™ identity, it is merely to associate a keyID with your identity. The identity you use is up to you, as published in the UserID portion of your GnuPG/PGP key. It could be only an e-mail address, a nickname, or even your real name. It's how people identify you in correspondence, or associate you as the author of a document or software. By signing your key, people verify that the KeyID is associated with the identity by which they know you.

Concepts

Four factors of authentication:

  1. Something you know (passphrase)
  2. Something you own (key fob, pass card)
  3. Something you are (fingerprint, retinal scan)
  4. Someone who knows you (trusted introducer)

A keysigning party increases the Web of Trust, or the number of trusted introducers who will vouch for the association of your identity with your KeyID.

Preparations before the Keysigning Party

ToDo for the KeyMaster

  1. Create a Keysigning Keyring, make it publicly available. This keyring will contain the public keys of the keysiging participants.
  2. Collect the public keys that people send to you in encrypted, signed e-mail.
  3. Immediately before the keysigning create a Printout of all the KeyIDs, UserIDs and fingerprints in the keyring. Make sufficient copies for all participants.
    • The Keymaster could send that printout to all participants in an encrypted, signed e-mail, or participants can download the keyring and print their own
    • The Keymaster should be the first person on the list. Document editing might be necessary.
    • Create the printout with:
      gpg --no-default-keyring --keyring=./kwlug-keysigning-ring-2013-12-02.asc --fingerprints
      Note to editor: Verify this syntax! --Bob.

ToDo for the Participants

  1. Add your key to the Keysigning Keyring
    1. Export your Public Key with
       gpg --export 0xYOURKEYID > MyPublicKey.pgp
    2. Get a copy of the Keysigning Keyring (Either download it, or request that the KeyMaster e-mails it to you)
    3. Add your public key to the Keysigning Keyring
       gpg --keyring
    4. Submit the updated keysiging keyring (Either upload it, or e-mail it to the KeyMaster)
  2. OR E-mail your public key to the keymaster, let him do the work.

At the Keysigning Party

  1. Keymaster distributes the Printout
  2. First person on the Printout
  3. ...
  4. formal declarations and introductions like this:
 Bob: "I'm Bob Jonkman, and my GnuPG fingerprint is 
       04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA"

 Andrew: "I've known Bob since the early days, and that's really him"