Hello people!
So, I will be hosting a Key Signing party in Mexico during the Tor Meeting.
Key signing parties should be called certificate verification parties but we are conditioned by the interface, so we call it key signing.
Please send me your key on a signed email (unless is another kind of key...), even if it is already in db.torproject.org. before Sept. 29th.
------------------- DEADLINE Sept 29th. -------------------
You also need to be present on the party to get signatures...
Lets verify and kill the MitM!
------------------------------------------------------------------ INSTRUCTIONS ------------------------------------------------------------------
Please don't participate of the party if you don't want public signatures... it creates overhead and its very likely that somebody will upload your key to the server with a new signature!
Make sure you have a 4096 bit RSA key. If not, generate a new one: http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
Make sure you follow the OpenPGP Best Practices: https://riseup.net/en/security/message-security/openpgp/best-practices
You can get your key on a file called mynickname.asc by doing:
gpg --export --armor [your fingerprint] mynickname.asc
You can also use this opportunity to add your OTR fingerprints, or other services you may want to certify for the people attending.
For the OTR fingerprint, depending on your client:
Pidgin: https://otr.cypherpunks.ca/help/fingerprint.php Adium: https://adium.im/help/pgs/AdvancedFeatures-OTREncryption.html BitlBee: otr info irssi: /otr info
At the meeting: verify ======================
0. don't sign anything!
1. i will send the final file the day before, through the list
2. you can come with your laptop, or with a printed version of the file.
3. if you print the file, write the output of this command on the paper:
gpg --print-md sha256 fingerprint-verification-unverified.txt
4. read out the checksum and make sure everyone has the same file
5. create a copy of the file to make notes: % cp fingerprint-verification-unverified.txt fingerprint-verification-annotated.txt
6. everyone (silently): verify your fingerprint(s) and user ID(s) in the document are correct
7. everyone (publically): identify yourself and verify that the fingerprint(s) and user ID(s) are correct
8. everyone: fill in the checkboxes in fingerprint-verification-annotated.txt: Fingerprint OK, ID OK
9. when done, sign the document: gpg --detach-sign fingerprint-verification-annotated.txt
10. at home, sign the keys.