E-Mail and File Security With GnuPG
MerriLUG, Nashua, NH -- 15 Mar 2007
For those attending the March 2007 meeting of the Nashua Chapter
(MerriLUG) of the Greater New Hampshire Linux User Group (GNHLUG),
this is how to participate in the key signing portion of the
- If you have any obsolete user IDs on your keys, revoke the
UIDs so that they won't show up in the check lists.
- Ensure the keys you're using are available from the public
keyservers at subkeys.pgp.net. Please upload them
before the meeting if they're not already there.
A typical command line to do this would be:
$ gpg --keyserver subkeys.pgp.net --send-key [KeyID]
- Send the User ID(s), key ID, and fingerprint of the keys you'd
like to have signed to
firstname.lastname@example.org with the subject "PGP Key for MerriLUG"
BEFORE 5PM EDT on Thursday the 15th. You don't need
to send the actual key, as I will retrieve it from subkeys.pgp.net
If you're feeling geeky, this will work:
$ gpg --fingerprint [KeyID] | mail -s "PGP Key for MerriLUG" email@example.com
- Ensure your key appears on the
Check Sheet before 5PM on
Thursday. Print a copy to bring to the meeting with you.
- Bring to the meeting the Check Sheet, a separate verified copy of your
key fingerprint, and at least two reliable and recognizable photo
IDs. Whether anyone signs you key will depend on how much they
trust that you've proven your identity. Examples of good IDs to
use would be passports, driver's licenses, or military IDs.
- After the meeting, grab the
Key Ring (ASCII armored) and
sign the keys you've verified. A tool like
"CA - fire and
forget (caff)" will make this task much easier. caff is
available in the "signing-party" package for Debian, "pgp-tools"
in Fedora, as well as several other distros.