[ale] PGP/GPG Keysigning party! ALE Central November 19th. (Mac OSeX prep)

aaron aaron at pd.org
Tue Nov 3 11:26:44 EST 2009


On 2009, Nov, 02, , at 12:47 PM, Richard Bronosky wrote:
> The macgpg stuff is a mess. I suggest installing MacPorts
> and then:   sudo port install gnupg2

Not sure if by "mess" you mean it may not generate keys properly
or if you are talking about known challenges to integrating gpg
with certain Apple software.  The package I installed seems to
have worked for me in producing keys, but please share if you
know of potential or hidden problems with keys made with the
latest Mac GnuPG2 release.

As for the MacPorts suggestion... I went the Fink route pretty
early on and, as I understand it, Fink and MacPorts don't play
well together. I should probably make the effort to switch,
though, since MacPorts seems to have become the better supported
path to OSS Free Software ports for Mac.

Thanks for the note and suggestion!

peace
aaron



> On Mon, Nov 2, 2009 at 12:26 PM, aaron <aaron at pd.org> wrote:
>> This past weekend I dove into doing my homework for the Key
>> signing party at the November 19th ALE meeting.  To follow
>> Michael's recommendation of generating an RSA / RSA pair
>> using Mac OSeX requires the latest GnuPG2 packages.
>>
>> I found them at:
>>
>> <http://sourceforge.net/projects/macgpg2/files/>
>>
>> It's a simple unzip / mpkg install, but requires OSeX 10.4.x
>> or better.  Though not explicitly stated, it seems to be a
>> Universal binary since it installs and runs on my PPC systems
>> without issue.
>>
>> With Mac gpg2, RSA / RSA is the default 1st choice of --gen-key.
>> Other useful info and GUI based MacGPG tools can be found at:
>> <http://macgpg.sourceforge.net/>
>>
>> Also, in trying to do a write up for the event, I found a
>> very informative "How To [GPG] Party" page that covers a lot
>> of aspects of the WHY as well as the HOW of the web of trust
>> and such...
>>
>> <http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html>
>>
>> HTH!
>> peace
>> aaron
>>
>>
>>
>>
>> On 2009, Oct, 27, , at 9:14 PM, Michael H. Warfield wrote:
>>> Hello all!
>>>
>>> Aaron approached me a couple of days ago about running a PGP/GPG key
>>> signing party for the November ALE meeting.  Looking back, it looks like
>>> the last one was 6-1/2 years ago!  Wow, time flies...  Ok...  So be it.
>>>
>>> I will do a VERY BRIEF intro to public key cryptography before the
>>> meeting but a successful key signing party depends on preparation in
>>> advance on the part of the participants!  Even well organized keysigning
>>> parties can degenerate into chaos very easily.  Do not come to the
>>> meeting looking to learn how to create a new key.  You should have your
>>> keys ready in advance.  If not, still come, but understand that you'll
>>> learn something about PGP but you probably won't walk away with keys or
>>> signatures.
>>>
>>> To make this go smoothly, I will collect keys in advance of the meeting
>>> and print out sheets with key fingerprints.  That saves an incredible
>>> amount of time and effort during the actual meeting and gives me an idea
>>> of how many keys to expect and copies to make.  It also permits me to
>>> have a collected keyring I can make available to everyone after the
>>> meeting.  Please expect to provide at least one photo id which will be
>>> projected on a screen for everyone to see (sensitive numbers will be
>>> blacked out with tape).  Driver's license or passport are preferred.
>>>
>>> With recent developments in cryptography, some doubt is being cast on
>>> the DSS/DSA keys.  Debian folks are strongly recommending a return to
>>> RSA keys and have some "procedures" in place for this.
>>>
>>> http://www.debian-administration.org/users/dkg/weblog/48
>>>
>>> If you are thinking it's time to dump off the old DSS/DSA keys and
>>> migrate back to an RSA 2048 bit key, now is the time as well.  My older
>>> RSA 1024 bit key is still active and I have a DSS/DSA key as well but
>>> these are both being relegated to "legacy" and I now have a 2048/R key
>>> (0x674627FF).  I'm not invalidating my old keys but I will only now be
>>> using them for key signing (my 0xDF1DD471 key is in the web of trust
>>> book and still in the PGP strong set).
>>>
>>> If you're not running the latest GnuPG, which should now be defaulting
>>> to RSA/RSA keys, it can get a little bit tricky to create a new style
>>> RSA key.  With older (default DSS/DSA) versions of GnuPG, you should
>>> create a new key but don't accept the default DSA and select "RSA (sign
>>> only)" key instead.  Once the key is created, edit that key and add an
>>> RSA encryption key to it.
>>>
>>> Better yet, update your GnuPG and the default will create the new key
>>> like you want (RSA and RSA - sign and encrypt).  If you don't have a
>>> current key and you don't know what any of this is about, that's fine.
>>> Just create a new RSA key for yourself (if it says RSA and RSA - TAKE
>>> THAT OPTION).  If you don't see that option available, ask for help or
>>> update your system first.
>>>
>>> What I need from YOU!  Well in advance of the meeting, please send your
>>> PGP public keys to alekeyparty at wittsend.com.  If you do not have a PGP
>>> key and are just looking to get started, the time to start is right now!
>>> The time is NOT at a key signing party.  This list has some very bright
>>> folks on it who can help you out if you are having difficulties.  I will
>>> try to answer questions as best I can, but ask them now.
>>>
>>> Last time, we had a few people who did not submit their keys in advance.
>>> That's fine as long as it's not excessive or we will be there all night.
>>> At the very least, if you don't submit your keys in advance, your keys
>>> must be on the public keyservers and you should come with printouts of
>>> your key fingerprint.  I have business cards on which I have my key
>>> fingerprints printed.  Some people use little strips of paper.  All of
>>> that is fine but it should be on "dead trees edition" and enough copies
>>> so you can pass them out and people can make notes on them.
>>>
>>> Procedure at the meeting...  People who submitted their keys go first.
>>> We will pass out the preprinted sheets and then call people up to
>>> project their id's.  The audience can then take notes on the sheets that
>>> they have confirmed their identification (anyone not showing up
>>> obviously is not confirmed AND SHOULD NOT BE SIGNED).  After that,
>>> anyone with keysigning cards or other information to pass out can go
>>> from there.  Anyone not prepared, we'll do what we can but you pays your
>>> nickel and you takes your chance.
>>>
>>> Procedure after the meeting...  I'll update MY keyring with any last
>>> minute additions, clean out the "no shows", and then make an
>>> announcement to the list.  You can then download that keyring and sign
>>> those keys which you feel comfortable that you confirmed their identity.
>>> You can then submit them to a public key server or send them back to the
>>> same E-Mail address above and I'll submit them in bulk.
>>>
>>> Any questions, please feel free to ping me but please do it early.
>>> We've only got about 3 weeks before this thing.
>>>
>>> Side note.  I'm looking into also including a CA-Cert web of trust
>>> verification.  That's for X.509 certificates from CA-Cert
>>> <http://www.cacert.org>.  If you are interested, go up to their site and
>>> see what the deal is there.  Being preregistered with them helps.  You
>>> can get free X.509 S/Mime certificates and register OpenID with them.
>>> That all depends on me getting some additional CA-Cert "assurers"
>>> involved (there are several in the area).  We did this at USENIX Lisa a
>>> couple of years back and it works in real well with a keysigning party.
>>> I'll post more details once I know more, if I can pull that off.
>>>
>>> Regards,
>>> Mike
>>> --
>>> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>>>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>>>    NIC whois: MHW9          | An optimist believes we live in the best of all
>>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>

> -- 
> .!# RichardBronosky #!.
>


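The post-meeting step described in the quoted announcement (download the collected keyring, then sign only the keys whose owners you confirmed) can be checked mechanically before any signing. The following is an added example, not part of the original thread: it parses colon-format output as produced by `gpg --no-default-keyring --keyring ./party.gpg --with-colons --fingerprint` (the file name `party.gpg` is hypothetical) and compares it with the fingerprints ticked off on paper. The listing, names and fingerprints in it are constructed.

```python
import re

# Constructed `gpg --with-colons --fingerprint` output; names and fingerprints are made up.
SAMPLE_LISTING = """\
pub:-:2048:1:1111222233334444:2009-11-01:::-:Alice Example <alice@example.org>::scESC:
fpr:::::::::A1A1A1A1A1A1A1A1A1A1A1A11111222233334444:
sub:-:2048:1:0000000000000001:2009-11-01::::::e:
pub:-:1024:17:5555666677778888:2003-05-01:::-:Bob Example <bob@example.org>::scESC:
fpr:::::::::B2B2B2B2B2B2B2B2B2B2B2B25555666677778888:
pub:-:2048:1:9999AAAABBBBCCCC:2009-11-02:::-:::scESC:
fpr:::::::::C3C3C3C3C3C3C3C3C3C3C3C39999AAAABBBBCCCC:
uid:-::::2009-11-02::::Carol Example <carol@example.org>:
"""
# Constructed list of fingerprints ticked off on the paper sheet at the meeting.
SHEET = ["a1a1 a1a1 a1a1 a1a1 a1a1 a1a1 1111 2222 3333 4444",
         "B2B2B2B2B2B2B2B2B2B2B2B25555666677778888",
         "D4D4D4D4D4D4D4D4D4D4D4D4DDDDEEEEFFFF0000"]
ALGOS = {"1": "RSA", "17": "DSA"}  # OpenPGP public-key algorithm numbers

def normalize(fpr):
    """Strip spaces and punctuation from a hand-copied fingerprint, upper-case it."""
    return re.sub(r"[^0-9A-Fa-f]", "", fpr).upper()

def parse_keyring(listing):
    """Return one dict per primary key found in colon-format output."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub":
            keys.append({"bits": int(f[2]), "algo": ALGOS.get(f[3], f[3]),
                         "uid": f[9], "fpr": None})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9].upper()  # first fpr after pub is the primary key
        elif f[0] == "uid" and keys and not keys[-1]["uid"]:
            keys[-1]["uid"] = f[9]          # newer gpg lists user IDs separately
    return keys

def signing_plan(listing, sheet):
    """Split the keyring by the full fingerprints confirmed in person."""
    ticked = {normalize(x) for x in sheet}
    keys = parse_keyring(listing)
    return {
        "sign": [k["fpr"] for k in keys if k["fpr"] in ticked],
        "skip": [k["fpr"] for k in keys if k["fpr"] not in ticked],  # no-shows
        "legacy": [k["fpr"] for k in keys if k["algo"] != "RSA" or k["bits"] < 2048],
        "missing": sorted(ticked - {k["fpr"] for k in keys}),  # on paper, not in keyring
    }
```

Matching is on the full 40-digit fingerprint rather than the short key ID, and `legacy` only flags keys that are not RSA of at least 2048 bits, the category the announcement calls "legacy"; it does not block signing.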
