PGP public keys, with their attached validation signatures, are distributed primarily via public keyservers and secondarily via the websites of the key owners.
Prior to attending, you print out the fingerprints of your own various keys, and of the people whose keys you plan to verify. In EnigMail you view the key properties to find the fingerprint. This is not secret. For example my fingerprint for is B452 0372 6F10 2713 4FF5 7AE1 945A 4DDA BC35 BEDB. With GnuPG, you can find out fingerprints with:
When we meet, we verify everyone’s fingerprints, making sure that your copy of my public key and my copy of your public key are both correct.
We show each other id to convince each other we are who we claim to be.
Once we return home with verified key signatures, we import the keys if we don’t already have them, the we sign each others’ verified keys
It’s discouraged to bring your own laptop, diskettes, CD (Compact Disk) s, flash drives etc. to a key signing, especially for a mass key-signing party, where they are generally forbidden. This is to ensure that there’s no shoulder-surfing or keylogging of pass phrases. All that’s required is our key fingerprints, which are cryptographically-sufficiently unique to verify the key.
Once keys are cross-signed, upload them to public key servers (with the attached endorsements), and upload any online copies you have on your website. That way anyone fetching your key will get the endorsements as well. You upload both your own public keys and the public keys of others you have signed. The web database will merge the endorsements from various sources.
Additionally, if you have multiple keys, cross-sign them with each other. That way, someone who has acquired a verified key for one of your email address automatically has verified copies of your other addresses.
You can then download your own public keys to get copies of the recent endorsements. See GnuPG for details on how you disseminate your public keys.
available on the web at:
optional Replicator mirror
Please email your feedback for publication, letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green : . If you want your message, your name or email kept confidential, not considered for public posting, please explicitly specify that. Unless you state otherwise, I will treat your message as a letter to the editor that I may or may not publish in the feedback section. After that, it will be too late to retract it. If you disagree with something I said, especially when sending an ad-hominem attack, a rant composed mainly of obscenities or a death threat, please quote the offending passage and cite the web page where you found it, tell me why you think it is wrong, and, if possible, provide some supporting evidence. I can’t very well fix erroneous or ambiguous text if I can’t find it.
Your face IP:[22.214.171.124]
|Feedback||You are visitor number 10,855.|