Page History

...

The UCTrust participants rely on PGP cryptographic signatures to verify the authenticity of electronic mail communications and federation metadata that are critical to the operation of UCTrust.  In order to create the web of trust needed for this verification, key signing "parties" are conducted during UCTrust meetings.  This document describes this key signing process.

1. Prior to the meeting, people who are not yet part of the web of trust should install PGP software, generate a public / private key pair, and upload the public key to one of the global PGP key servers, such as subkeys.pgp.net.
2. Also prior to the meeting, everyone should bring cards or slips of paper showing their public key IDs and fingerprints, for example:

pub   1024D/6849ABF9 2007-07-25 \[expires: 2012-07-23\]
      Key fingerprint = 8B62 E459 6C53 3771 5C71  718F AD49 8EBB 6849 ABF9
uid&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; David Walker <David.Walker@ucop.edu>
sub&nbsp;&nbsp; 4096g/51C3D427 2007-07-25 \[expires: 2012-07-23\]

was generated with the " gpg --fingerprint david walker