[ale] Keysigning Event Details

Charles Shapiro hooterpincher at gmail.com
Wed Nov 30 09:42:32 EST 2011


Wow, I am so flattered that y'all have updated that keysigning howto.
Thank you Michael for your careful reading and editing.

-- CHS


On Tue, Nov 29, 2011 at 7:24 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Tue, 2011-11-29 at 16:23 -0500, Aaron Ruscetta wrote:
>> Michael's updates have been incorporated.
>
>> <http://ale.org/static_pages/keysign_party_111208.html>
>
>> Charles' HOWTO page has been updated to point users back
>> to the new process instructions.
>
>> Let me know if this looks right now and I'll publish it...
>
> I'm good with it.
>
>> peace
>> aaron
>
> Regards,
> Mike
>
>> On Tue, Nov 29, 2011 at 1:25 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
>> > Hey Aaron,
>> >
>> > On Mon, 2011-11-28 at 23:02 -0500, Aaron Ruscetta wrote:
>> >> Hey, all!
>> >
>> >> I wanted to check in with everyone involved on the details
>> >> for the keysigning event.
>> >
>> >> We had a lot of info prepared for the last time we did this
>> >> in 2009, so I took that main announcement page and revised
>> >> it with the new date and location.  It includes lots of how to
>> >> info and links, including a step by step on key generation
>> >> that Charles Shapiro put together. Please review, check link
>> >> and let me know if you have revision requests.  Once it's
>> >> all good, I'll publicize it and make it the basis for
>> >> announcements:
>> >
>> >> <http://ale.org/static_pages/keysign_party_111208.html>
>> >
>> >> Biggest point is to have Michael verify the process outlined
>> >> and make sure he is comfortable with how it reads. It's
>> >> been edited according to his email announcement, but
>> >> may need touch ups.  I think it important to make the
>> >> steps as clear as we can.
>> >
>> > Under "Required Process:"
>> >
>> > Step 1:
>> >
>> > Reference to Charles' GPG Howto - Mention to NOT follow the instructions
>> > at the bottom for submitting the keys to the WittsEnd server!  I think
>> > that Howto could probably use a brush up.  Newer versions of gpg all
>> > support generating RSA/RSA keys and even have it as a default.
>> >
>> > Below that, I would change "GnuPG2" to just "GnuPG" since that's a true
>> > statement for both gpg v1 and gpg v2 and has been so for quite some
>> > time.  For our purposes gpg and gpg2 are functionally equivalent and
>> > there's really no reason to prefer one over the other.
>> >
>> > Probably don't really need to bold "strongly" either, since it's now the
>> > default and most people will just use the default for new keys unless
>> > they have a strong reason or preference otherwise.  By the same token,
>> > there's already 4 DSA keys (out of 15) on the keyring.  I don't want to
>> > discourage anyone who already has a key they want to keep.  Hell, my
>> > DF1DD471 key is an ancient single 1024 bit RSA that's both sign and
>> > encrypt combined.  You have to take gpg into expert mode in order to
>> > even enable that option to create a key like that any more.
>> >
>> > Since this is under "Required Process" we should make it clear that step
>> > 1 is "optional" rather than imply you have to create a new key.
>> >
>> > How about this for reworking the first parts of step one:
>> >
>> > Generate a key (if you don't already have one)*.  Remember your pass
>> > phrase!
>> > ---
>> > To help with this, Charles Shapiro has prepared an excellent GPG Howto
>> > page with step by step command line directions for using the gpg (gpg2)
>> > program to generate, store, sign, register and use GPG keys.
>> > ---
>> > *RSA/RSA Key pairs of 2048 bits or more are recommended for new keys.
>> > This is currently the default for the most recent releases of GnuPG and
>> > GnuPG2 (gpg/gpg2), which is available for download and installation on
>> > most platforms from gnupg.org (for Mac OS X see sourceforge)
>> >
>> > Step 2:
>> >
>> > {your key sig} should be {your keyid}
>> >
>> >
>> > Step 6:
>> >
>> > It can speed the process up if they line up the order that they are
>> > listed on the sheet.  Hunting for names at random can slow the process
>> > down if there are a lot.
>> >
>> >
>> > Step 9:
>> >
>> > You don't actually have to log into the BigLumber site.  You merely
>> > return to our keyring on the site (URL in step 2), download the keyring,
>> > and import it into your gpg keyring and proceed with signing.
>> >
>> > So something like this...
>> >
>> > --
>> > Return to http://biglumber.com/x/web?keyring=4254 and click on "Download
>> > this keyring" and copy and paste it to a file or run the following
>> > command:
>> >
>> > curl "http://biglumber.com/x/web?keyring=4254;download=1" > keyring.txt
>> >
>> > Don't forget the quotes around the URL (note the semicolon).
>> >
>> > Import the keyring to your keyring with:
>> >
>> > gpg[2] --import keyring.txt
>> >
>> > Now proceed to sign the keys (one at a time) you've verified with:
>> >
>> > gpg[2] --sign-key [keyid to be signed]
>> > --
>> >
>> > Step 10:
>> >
>> > --
>> > Export the keys you've signed to a keyring file.
>> >
>> > gpg[2] --armor --export [list of signed keyids] > keyring.txt
>> >
>> > Now return to the BigLumber site and upload the signed keys by clicking
>> > on "Browse" at the bottom, browsing to the keyring file of the signed
>> > key, selecting that, and finally hitting "Submit Query".  This may take
>> > some time to upload the keyring but it should then merge the new
>> > signatures from that upload into our keyring on BigLumber.  As of
>> > November 29, the keyring stood at 15 keys and over 330K long so this
>> > process may take a minute or two depending on speeds and the size of the
>> > final keyring.
>> >
>> > You can also send the keys directly to the global public keyservers with
>> > this command:
>> >
>> > gpg[2] --send-keys [list of signed keyids]
>> >
>> > Let us know when you've done this either by sending the organizers a
>> > message or posting it to the ALE list so others know there are updates
>> > up there.  I'll also make a posting to the ALE list when everyone has
>> > checked in that they have completed signing.
>> > --
>> >
>> > Step 11:
>> >
>> > Not sure if we really need to say that but it's ok but we need to insert
>> > a step so move it to 12 if you want to keep it.
>> >
>> > We need this step.
>> >
>> > --
>> > When all the signatures have been collected (will be announced on the
>> > ALE list) you can return to the BigLumber site and repeat the download
>> > and import keyring steps as in step 9.  This will then import all the
>> > signatures everyone else has made to your own keys (as well as the other
>> > keys).
>> >
>> > Alternatively, if you only want to import the signatures for your own
>> > keys, the full keyring will be pushed up to the public keyservers at that time and
>> > you can update your individual key(s) at any time with this command:
>> >
>> > gpg[2] --recv-keys [list of your key ids]
>> > --
>> >
>> >> I still want to add location details for the eatery, but we
>> >> have to decide between the "battle and brew" and the
>> >> Marietta diner.  I have a small preference for the latter,
>> >> especially if we can give them a heads up and maybe
>> >> get a reserved area, but either would be welcome.
>> >
>> > It looks like we've got one "role key" on the list now.  It's this key:
>> >
>> > [mhw at canyon downloads]$ gpg --fingerprint 450F89EC
>> > pub   1024D/450F89EC 2003-02-03 [expires: 2013-06-30]
>> >      Key fingerprint = 2E66 557A B97C 19C7 91AF  8E20 328D A867 450F 89EC
>> > uid                  PAUSE Batch Signing Key 2011 <pause at pause.perl.org>
>> > uid                  PAUSE Batch Signing Key 2003 <pause at pause.perl.org>
>> > uid                  PAUSE Batch Signing Key 2005 <pause at pause.perl.org>
>> > uid                  PAUSE Batch Signing Key 2007 <pause at pause.perl.org>
>> > uid                  PAUSE Batch Signing Key 2009 <pause at pause.perl.org>
>> > sub   2048g/7E1B2FA1 2011-03-06 [expires: 2013-06-30]
>> >
>> > I'm presuming the owner of this key is not looking to get it signed but
>> > I'll inquire anyways.
>> >
>> >> peace
>> >> aaron
>> >
>> > Regards,
>> > Mike
>> > --
>> > Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>> >   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>> >   NIC whois: MHW9          | An optimist believes we live in the best of all
>> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>> >
>>
>
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
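
Added example, not part of the original thread: step 9 above fetches the keyring over plain HTTP and then signs "the keys you've verified", so the full fingerprint is what ties a downloaded key to the person checked at the event. The sketch below compares a fingerprint as written on the sheet against `gpg --with-colons --fingerprint` output before signing. The function names and the sample listing are constructed for illustration; the sample reuses the PAUSE fingerprint quoted in the thread, with placeholder subkey values.

```shell
#!/bin/sh
# Added example (not from the thread): gate "gpg --sign-key" on a full
# fingerprint match. Function names here are hypothetical.

# Normalize a fingerprint as printed on the sheet: drop spaces, uppercase.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# Read "gpg --with-colons --fingerprint" output on stdin and print only
# primary-key fingerprints (field 10 of the "fpr" record following "pub").
list_primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# check_fpr EXPECTED < colon-listing
# 0 = match, 1 = no match, 2 = EXPECTED is not a full 40-hex fingerprint.
check_fpr() {
    expected=$(norm_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    # Refuse 8- or 16-digit key IDs: only the full fingerprint is compared.
    [ "${#expected}" -eq 40 ] || return 2
    list_primary_fprs | grep -qx "$expected"
}

# Constructed sample listing (timestamps and subkey values are placeholders).
SAMPLE='pub:-:1024:17:328DA867450F89EC:1044230400:1372550400::-:::scESC:
fpr:::::::::2E66557AB97C19C791AF8E20328DA867450F89EC:
uid:-::::::::PAUSE Batch Signing Key 2011 <pause at pause.perl.org>:
sub:-:2048:16:0000000000000000:1299369600:1372550400:::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Intended use after "gpg --import keyring.txt" (KEYID and the quoted
# fingerprint come from your own verified sheet):
#   gpg --with-colons --fingerprint KEYID \
#       | check_fpr "XXXX XXXX ... XXXX" && gpg --sign-key KEYID
```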


