moin, moin, don't forget to send Austin your fingerprint as well as sending your public key to a key server. Directions in the middle of the message below are pretty easy. He needs the info no later than 15:00 tomorrow. If you miss that we can do it by hand, but it requires people know how to scrawl :). Also, don't forget to bring a copy of your fingerprint that you can read. ciao, der.hans -- # http://home.pages.de/~lufthans/ http://www.DevelopOnline.com/ # It's up to the reader to make the book interesting. # An author has only the opportunity to make it uninteresting. - der.hans ---------- Forwarded message ---------- Date: Tue, 16 Oct 2001 00:36:08 -0700 From: Austin Godber Reply-To: Arizona State University Linux Users Group To: ASULUG@asu.edu Subject: GPG Key Signing Update - What you NEED to do. Hello, I sent an email earlier, I don't hink it made it yet, but here is an even BETTER one. You MUST read if you want you key signed on Wednesday. ============================================================================= Here is what you need to do prior to showing up at the Key Signing Party: 1.Generate A Key Pair 2.Send Public Key To Designated Keyserver (or Coordinator) Use this one -> http://wwwkeys.eu.pgp.net 3.Send Public Key Info To Coordinator Here is precisely what you need to do: NOTE: I will assume you either have access to gpg on a trusted machine (i.e. you have console access, your mom is the sys admin, and she hasn't trojaned the executable or installed a keyboard logger) or you will follow the installation instructions given in the HOWTO on your local machine. I could install the GPG binary on general but here are the problems with that: o I am evil and have done nasty things to the binary o The risk of Keylogging is higher and can happen here: - On your local machine - Between your local machine and general (sniffers if you're logged in cleartext - bad you) - on general o Memory won't be secure from dump on general. So here are the detailed steps: 1. Generate A Key Pair (Step 5 of GPG Party HOWTO) [joe@ag joe]$ gpg --gen-key * see the end for actual output I chose the default key type (1), asked for a 2048 bit key (confirming with a yes that I want it that big), made the key lifetime 5y (5 years), and gave it my name, email address and a comment then accepted what I had given it using "o" for OK. Now, you should type this to look at your key info, you're gonna need it: [joe@ag joe]$ gpg --list-keys --fingerprint /home/joe/.gnupg/pubring.gpg ---------------------------- pub 1024D/60258008 2001-10-16 Joe GPG User (test key) Key fingerprint = AAEF DFFB A8FC F00E 151B 46EC 011D 70EA 6025 8008 sub 2048g/98318C4A 2001-10-16 [expires: 2006-10-15] 2. Send Public Key To Designated Keyserver (or Coordinator) Use this one -> http://wwwkeys.eu.pgp.net [joe@ag joe]$ gpg --keyserver wwwkeys.eu.pgp.net --send-key 60258008 NOTE: The number at the end is the key ID, you can find it in the output of gpg --list-keys --fingerprint (see step 1 above) 3. Send Public Key Info To Coordinator The output from gpg --list-keys --fingerprint is all I need. Thats all you need to do. If you have problems send email to me or to the list perhaps. -Austin ### Long output ### [joe@ag joe]$ gpg --gen-key gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) Your selection? 1 DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) 2048 Do you really need such a large keysize? yes Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 5y Key expires at Sat 14 Oct 2006 07:51:36 PM MST Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Joe GPG User Email address: gpg@uberhip.com Comment: test key You selected this USER-ID: "Joe GPG User (test key) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ..++++++++++..++++++++++++++++++++++++++++++.+++++.+++++.+++++.+++++..++++++++++.+++++++++++++++.++++++++++.+++++..++++++++++.+++++..+++++++++++++++>++++++++++>+++++.....<.+++++..........+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++..++++++++++......++++++++++...++++++++++.++++++++++.+++++.+++++...++++++++++++++++++++++++++++++++++++++++.++++++++++..+++++.+++++..+++++.++++++++++.++++++++++.+++++>...++++++++++...>.+++++.<..+++++...........>.+++++..........................>.+++++ <+++++..<+++++>.....+++++........<+++++>.+++++......................................<+++++.........................>..+++++...^[[A^[[A.....................................................................+++++^^^ public and secret key created and signed.