UCTrust Workgroup
Child pages
  • UCTrust PGP Key Signing Parties

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

UCTrust PGP Key Signing Parties

The UCTrust participants rely on PGP cryptographic signatures to verify the authenticity of electronic mail communications and federation metadata that are critical to the operation of UCTrust.  In order to create the web of trust needed for this verification, key signing "parties" are conducted during UCTrust meetings.  This document describes this key signing process.

  1. Prior to the meeting, people who are not yet part of the web of trust should install PGP software, generate a public / private key pair, and upload the public key to one of the global PGP key servers, such as subkeys.pgp.net.
  2. Also prior to the meeting, everyone should bring cards or slips of paper showing their public key IDs and fingerprints, for example:

pub   1024D/6849ABF9 2007-07-25 [expires: 2012-07-23]
      Key fingerprint = 8B62 E459 6C53 3771 5C71  718F AD49 8EBB 6849 ABF9
uid                  David Walker <David.Walker@ucop.edu>
sub   4096g/51C3D427 2007-07-25 [expires: 2012-07-23]

was generated with the " gpg --fingerprint david walker

  1.  
  • No labels