[FOSDEM] keys and keysigning questions

Wouter Verhelst wouter at debian.org
Fri Feb 23 17:56:51 CET 2007


On Fri, Feb 23, 2007 at 05:44:02PM +0100, John Seifarth wrote:
> I have a few questions about the key signing event on Sunday.
[...]
> GPG/PGP Keysigning
> 
> 2) How many copies of the (16 page) document do I need to print and  
> fill in the checksums?

Just one.

> 3) If I add another email address to my identity (I only have one on  
> it now), is the key as signed at the keysigning automatically valid  
> for that address (or is my question already showing my lack of  
> understanding)?

That will depend on the participants; some people will sign your new
UID, others won't. It may help if you communicate that you have a new
UID on your key at the signing party.

> 4) What is the best way to disseminate my public key, and to get the  
> public keys of my correspondants? I understand there are key servers  
> somewhere, can someone explain how this works?

Make sure the following line is found in your ~/.gnupg/gpg.conf:

keyserver hkp://subkeys.pgp.net

Then, you can search for keys with

gpg --recv-key <data>

where you replace <data> with either the mail address or the key ID of
your correspondent.

After signing the key, please do not randomly upload them; you should
also attempt to verify that the email address of the key you signed is
valid. An easy way to do that is to encrypt and mail the key to the key
owner; the 'caff' script can help you with this. You can find caff in
the Debian package 'signing-party'; it's a perl script.

I'll be sure to repeat this at the beginning of the signing party on
sunday.

-- 
<Lo-lan-do> Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22



More information about the FOSDEM mailing list