[SGVLUG] Fingerprints for Keysigning party -- pgp (gpg)

Emerson, Tom Tom.Emerson at wbconsultant.com
Thu Apr 13 10:40:17 PDT 2006


It looks like there are only 4 or 5 who've said they'll be exchanging
keys tonight (of course, everyone is welcome to do so) so we should be
able to go the more "informal" route of exchanging slips of paper
w/fingerprints.  [there is a more formalized method we could employ, but
it is too much overhead for fewer than a dozen people or so]

In general, you should print your own fingerprint using the machine
where you've created (or are keeping) your keyring -- as this is an
imperfect world, you technically should not trust anyone else's machine
for this task (unless, of course, you actually MEMORIZED a 40-character
hexadecimal string the instant you created it, in which case you don't
need someone else's copy of pgp/gpg to extract the fingerprint)

You do need to make the actual [public] key available, and to make
things easier overall, I've created an "event" on Biglumber which also
allowed me to create an event-oriented "keyring" [just the keys we'll be
working with]  You can view the details here:

http://www.biglumber.com/x/web?ev=44695 -- use the "event has a keyring"
link

For those of you planning to participate, you can post your key to this
keyring (but I'll have to "approve" it -- I'll do that around 4:00 for
anyone that puts it up today)  If you create a key at the meeting, you
can post it there and I'll release it as well.

You can also sign up with biglumber as a way to manage your public key
(though the site is sometimes a bit slow to respond)  I did get an
intersting bit of semi-spam [technically unsolicited, but related to
pgp/gpg] from "mypgp.com" -- interesting only in that it was encrypted
with my public key, but apparently keyed off the fact he is watching the
RSS feed of recently added entries [and they say *I* don't have a life!]

See you tonight!

Tom


More information about the SGVLUG mailing list