Michael C. Toren on 3 Apr 2007 06:27:27 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Wednesday's keysigning

On Tue, Apr 03, 2007 at 01:05:05AM -0400, Alex Launi wrote:
> Is there a guide that has exactly what I need to do for the key signing?

The short answer:  For the meeting, bring enough (5 to 10) printed
copies of your key's fingerprint to hand out to others, along with photo
identification that you feel will be sufficient for others to verify
your identity.

At the keysigning, when someone gives you a printed copy of their
fingerprint, determine to your own satisfaction if their photo
identification matches the real name on their key.  If it does, scribble
your initials on the printed fingerprint, and take it home with you.

When you're back home, obtain electronic copies of the keys you intend to
sign, most likely by downloading them from public keyservers.  Confirm
that the fingerprint of the electronic copy you've downloaded matches
the fingerprint on the printed copy in your hand, then sign the key with
gpg, and email a copy of the key with your new signature on it to the
key's owner.

Some, like myself, recommend taking the additional step of verifying the
key owner's email address in additional to their real name.  If you'd
like to do this as well, the caff(1) utility (available in the Debian
signing-party package, or at http://pgp-tools.alioth.debian.org/) can
help automate the process.

If you have any questions, please let me know.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug