[ale] Keysigning get-together?

Scott Castaline skotchman at gmail.com
Fri Oct 21 16:03:02 EDT 2011


On 10/21/2011 03:39 PM, Michael B. Trausch wrote:
> On Fri, Oct 21, 2011 at 03:21:24PM -0400, Scott Castaline wrote:
>> I might be interested. When? I have to admit I need to familiarize
>> myself more with it, so if anyone has any pointers, they would be
>> well taken.
> Getting started is simple.  GnuPG is installed by default on most
> GNU/Linux distributions, and most mail clients are able to handle it.
> GNOME also has support for it built-in.
>
> To get started, basically:
>
>   * Create a key pair.  You can do this using the command "gpg
>     --gen-key".
>
>     * Choose "RSA and RSA", which is preferred.
>
>     * Use at least 2,048 bits for the keysize.
>
>     * GENERATE THE KEY WITH AN EXPIRATION DATE.  This will ensure that
>       the key has (note: VERY) limited protection against loss, because
>       people will not use a key if it has expired.  I used to generate
>       mine annually.  My last set was for 6 years, my current set will
>       work until 2015, and at that point I plan to generate a keypair
>       for 10 years.  Do however it is best for you, but keep in mind
>       that the more frequently you generate your keys, the more
>       frequently you will have to get it signed by others.
>
>       I'd say somewhere between 5 and 10 years is reasonable.
>
>     * Use your real name ("First Last" or "First M. Last") on your key,
>       as this will be what is verified in-person at keysigning.
>
>     * Choose a strong PASS PHRASE for your key.  I typically make mine
>       an entire sentence that has no fewer than 6 words.  Find a way to
>       include numbers and punctuation, of course.  But do it such that
>       YOU will remember it and nobody can GUESS it.  The point of using
>       such a long pass PHRASE is that the encryption of the private key
>       can not feasibly be brute forced (the pass phrase protects the
>       private key).
>
>     * After you have generated your key pair, GENERATE A REVOCATION
>       CERTIFICATE FOR THE KEY.  This is important.  It is also
>       important that you KEEP THE REVOCATION CERTIFICATE SECURE.  The
>       revocation certificate can be used to revoke your key, to inform
>       others that it should no longer be used.  What I typically do is
>       print mine out and put it in a secure location.  If you have a
>       safe, that would probably be fine.
>
>       Anyone who gets their hands on the revocation certificate can
>       type it in and use it to invalidate your key, so do not store it
>       anywhere.  It is a very powerful little bugger, but it is utterly
>       necessary if you ever lose your private keys to tell people that
>       you can no longer use those keys.
>
> If you need more assistance, of course, ask!  :)
>
> 	--- Mike
Thanks Mike, that's the gist of what I have and had dug up so far. I am
definitely in. Pretty much open as to when, as long as it's announced in
advance, i.e., say a couple of days or next meeting, not let's do it
tonight!!! Unfortunately my days of impromptu scheduling are over :-(
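
The key-generation steps from the quoted message, scripted as an added example that is not part of either post. The name, e-mail address, file name, 4096-bit size and 5y expiry are constructed sample values, and the batch parameter file (including %ask-passphrase) assumes GnuPG 2.x.

```shell
#!/bin/sh
# Added example (not from the thread): the quoted key-generation steps, scripted.
# Name, e-mail, 4096 bits and the 5y expiry are constructed sample values.

# Print a GnuPG batch parameter file for an "RSA and RSA" key pair.
# Refuses sizes under 2048 bits and keys without an expiration date.
keyparams() {
    kp_name=$1 kp_email=$2 kp_bits=${3:-2048} kp_expire=${4:-5y}
    if [ "$kp_bits" -lt 2048 ]; then
        echo "key size must be at least 2048 bits" >&2; return 1
    fi
    case $kp_expire in
        ''|0) echo "set an expiration date" >&2; return 1 ;;
    esac
    cat <<EOF
%ask-passphrase
Key-Type: RSA
Key-Length: $kp_bits
Subkey-Type: RSA
Subkey-Length: $kp_bits
Name-Real: $kp_name
Name-Email: $kp_email
Expire-Date: $kp_expire
%commit
EOF
}

# Generate the key pair, then write its revocation certificate to $3.
# gpg asks for the pass phrase itself, so it never appears in this script.
make_key() {
    params=$(keyparams "$1" "$2" 4096 5y) || return 1
    printf '%s\n' "$params" | gpg --batch --gen-key || return 1
    # umask 077 keeps the certificate file unreadable by other users.
    ( umask 077; gpg --output "$3" --gen-revoke "$2" )
}

# Runs only when asked to, e.g.:  sh keygen.sh --run
if [ "${1:-}" = "--run" ]; then
    make_key "First M. Last" "first.last@example.org" revoke-first-last.asc
    echo "Print revoke-first-last.asc and keep the paper in a secure location."
fi
```
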

