
[Fwd: July Meet and PGP keysigning party]



Hi,

Looks like the following wasn't posted to this list. So have dared to do
the same ;-) Can the organisers (Dr.Sriram, Prabhu and others) kindly
look into the same?

Regards,
Sudhir.P

Raj Mathur wrote:
> 
> Hi All,
> 
> At the next Linux-Delhi meeting we plan to have a PGP key-signing
> party (no, a keysigning party doesn't necessarily mean beer and
> snacks!).  I'm sending this message to other lists too, in the hope
> that we can organise similar activities in other cities. Cybercomm
> moderator, please post this message on your list.
> 
> The next Linux-Delhi meeting is on Sunday, 18th July 1999 at the Delhi
> College of Engineering.
> 
> Here's some quick dope on PGP and the key-signing part of it.
> 
> ** What is PGP?
> 
> PGP (which stands for Pretty Good Privacy) is a tool which allows you
> to encrypt data (typically e-mail) so that it is not viewable by
> anyone except the person it's meant for.  PGP is also used to
> unambiguously electronically sign documents so that the identity of
> the creator/originator of the document can be proven.  As you can
> guess, PGP is useful for sending e-mails which should only be read by
> the addressee, and/or which should clearly be proven as having
> originated from you.  There are other uses too -- e.g. RPM packages
> can be signed with PGP so that any tampering with the package can be
> detected.
> 
> ** How does it work?
> 
> PGP uses public-key cryptography, which means that everyone has two
> keys -- a ``Public Key'' and a ``Secret Key'' (a key is nothing but a
> string of characters which are fed into the encryption algorithm to
> obtain an encrypted result.  The same document encrypted by the same
> method but with different keys will yield different results).
> 
> The keys complement each other, which means that anything encrypted
> with your public key can only be decrypted with your secret key, and
> anything encrypted with your secret key can only be decrypted with
> your public key.  This is the heart of PGP and all Public-Key
> Cryptography, so don't forget it!
> 
> You make your public key as easily available to others as possible --
> put it in your .plan for finger, put it on your web page, send it to a
> PGP keyserver, publish it in the newspaper, etc.  You never ever
> reveal your secret key to anyone.
> 
> The rest is trivial.  If you want to send me a private (For Your Eyes
> Only) e-mail, create your message, encrypt it with my public key and
> send me the message.  Since the message is encrypted, no one who
> intercepts (e.g. the root user on VSNL's mail server :-) will be able
> to read it;  since it is encrypted with my Public key, I will be able
> to decrypt and read it using my Secret key (remember?)
> 
> Similarly, if you have to sign a message to me, encrypt it with your
> Secret key.  When I receive the message, I'll try to decrypt it with
> your Public key.  If it decrypts then the message must be from you,
> since only you (who know your Secret key) could have encrypted it.  If
> there's a problem in decrypting then either the message is a forgery
> or someone tampered with the contents of the message on the way.
> 
> ** Where do I get PGP?
> 
> You can download source for PGP 5 for Unix or PGP 6 for Winduhs from
> 
>         http://www.pgpi.com/
> 
> If you're on Linux, you can get .deb's and .rpm's etc.  I used the
> following query to search for them:
> 
>         http://www.altavista.com/cgi-bin/query?pg=q&kl=XX&stype=stext&q=%2Bpgp+%2B%28deb+rpm%29
> 
> I found an RPM of PGP 5 at:
> 
>         ftp://ftp.replay.com/pub/replay/pub/linux/redhat/i386/pgp-5.0i-7.i386.rpm (doesn't work half the time!)
> 
> ...and a DEB at:
> 
>         http://ftp.uevora.pt/debian-non-US/potato/binary-i386/pgp5i_5.0-3.deb
> 
> ** How do I run PGP?
> 
> I can do no better than to point you to the Linux PGP HOWTO:
> 
>         http://members.aa.net/~rubino/pgp.html
> 
> In order to be a part of the key-signing party, you just need to have
> generated your public and secret keys and got the relevant information
> (detailed under) to me.
> 
> ** Why does my key need to be signed?
> 
> Since the 'net is the most popular method of distributing public keys,
> it's as easy to tamper with keys as it is to tamper with messages --
> thereby defeating the very purpose of PGP itself!  So it's important
> that you do not trust bare keys which you have got from the Internet,
> unless (a) you have contacted the owner of the key separately *and via
> a different medium, e.g. phone, fax or snail-mail* and verified the
> key actually belongs to him/her, or (b) verified that the key is
> signed by someone you trust.
> 
> A key signature is nothing but a sort of affidavit from someone that
> they believe that it (the key) actually belongs to the person it is
> supposed to belong to.  Thus if I know you and have your key details,
> I would be willing to sign your key, effectively telling the world,
> ``Yes, I believe that this key really belongs to Your Name''.  Now
> when someone accesses this signed key over the 'net, they see my
> signature on it and think, ``Hey, Raju believes that this key belongs
> to Your Name, and I trust Raju's judgement, so I'm willing to accept this
> key''.  Of course, they could also think, ``Raju believes this is Your
> Name's key, and I think Raju is a big liar and completely
> untrustworthy, so I will definitely not use this key to correspond
> with Your Name'', but that's more unlikely (I hope!).
> 
> ** So what's a keysigning party after all?
> 
> First of all, it's not a party in the normal sense of the word!
> 
> At a PGP keysigning party, all the people present must make some
> information available to the party host (in this case, me) before the
> date of the party.  At the party itself, this information will be
> available in printed format to everyone.  Each person interested in
> having his/her keys signed then has to prove that they actually are
> that person, e.g. by means of a driving license, a passport, credit
> card with photo, etc. and to orally verify that the key details on the
> printed paper actually are his/hers.
> 
> Once you are satisfied as to the identity of the people present, you
> can go home, get their keys (by whatever means), sign them and then
> upload the signed keys to me.  I will then redistribute the signed
> keys to their owners, who can then upload them to the standard
> places.
> 
> ** What information do I need to provide, and when?
> 
> 1. In order for you to be part of the keysigning process you must make
> the following information available to me LATEST BY Wed, 14th July
> 1999:
> 
>         o Primary user-ID of the key (e.g. Raju Mathur <raju@xxxxxxx>)
>         o Key size and key type (e.g. RSA/768)
>         o Key ID (e.g. 0x83E874DD)
>         o Key Fingerprint (e.g. F2 D4 4A 21 27 B0 63 FF  15 97 9D AE 9D 40 BC B8)
> 
> All this information is available using the command ``pgpk -ll <your
> name>''
> 
> 2. After the ``party'', you must sign all the keys you wish to and
> send them to me NO LATER THAN Sunday, 15th August, 1999.  I will
> redistribute the keys to their owners.
> 
> ** What other resources are there to help me learn about PGP and
> keysigning parties?
> 
> PGP:
> 
>         http://www.pgpi.com/
> 
> A specific keysigning party (I got my info from here):
> 
>         http://ftp.nl.net/events/sane98/keysigning-party.html
> 
> PGP keyservers:
> 
>         http://www.pgpi.com/services/keys/keyservers/
> 
> Keysigning Party Guide:
> 
>         http://www.herrons.com/kb2nsx/keysign.html
> 
> Or send a mail to the list or to me.
> 
> Copyright (C) 1999, Raju Mathur as per the terms of the GNU General
> Public License v2.0 or any later version.
> 
> Regards,
> 
> -- Raju
>        Raj Mathur / Web Technical Support / Silicon Graphics / New Delhi
>                   +91-124-349811         /    raju@xxxxxxx  / 551-7228
>             http://reality.sgi.com/raju / Not necessarily speaking
>            PGP: F2 D4 4A 21 27 B0 63 FF | for Silicon Graphics.
>                 15 97 9D AE 9D 40 BC B8 | It is the Mind that Moves

-- 
When you hit rock bottom, there is no way, but, up.

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Sudhir.P                     TEL  : (Off): +91-44-37419(39,40,41)
Ext.2332
HCL-CISCO                           (Res): +91-44-6370143
Offshore Development Centre  FAX  : (Off): +91-44-3741038
49-50,Nelson Manickam Road   Email:  sparasur@xxxxxxxxx
Chennai - 600029, India      Yahoo-pager: sudhir_lp
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
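
The check each attendee makes at home before signing, as an added example that is not part of the original message: compare the key you fetched, field by field, against the details verified on the printed sheet. The sheet entry uses the example values from the announcement; the other two keys are constructed, and the consistency check for 20-byte fingerprints goes beyond what the message covers.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyDetails:
    user_id: str
    key_type: str      # e.g. "RSA"
    bits: int          # e.g. 768
    key_id: str        # 8 hex digits, upper case, no "0x"
    fingerprint: str   # 32 or 40 hex digits, upper case, no spaces

def normalise_hex(text):
    """Drop spaces, colons and a leading 0x; reject anything that is not hex."""
    cleaned = re.sub(r"[\s:]", "", text)
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
        raise ValueError(f"not a hex value: {text!r}")
    return cleaned.upper()

def make_details(user_id, type_and_size, key_id, fingerprint):
    """Build a normalised record from the four items the party sheet lists."""
    key_type, bits = type_and_size.split("/")
    kid, fpr = normalise_hex(key_id), normalise_hex(fingerprint)
    if len(kid) != 8 or len(fpr) not in (32, 40):
        raise ValueError("unexpected key ID or fingerprint length")
    return KeyDetails(" ".join(user_id.split()), key_type.upper(), int(bits), kid, fpr)

def mismatches(sheet, fetched):
    """Names of the fields where the fetched key differs from the sheet entry."""
    fields = ("user_id", "key_type", "bits", "key_id", "fingerprint")
    bad = [f for f in fields if getattr(sheet, f) != getattr(fetched, f)]
    # 20-byte fingerprints: the key ID is the low-order bytes of the fingerprint.
    if len(fetched.fingerprint) == 40 and not fetched.fingerprint.endswith(fetched.key_id):
        bad.append("key_id/fingerprint inconsistent")
    return bad

# Sheet entry: the example values from the announcement, as verified in person.
SHEET = make_details("Raju Mathur <raju@xxxxxxx>", "RSA/768", "0x83E874DD",
                     "F2 D4 4A 21 27 B0 63 FF  15 97 9D AE 9D 40 BC B8")
# Constructed: the same key as another tool might print it.
SAME_KEY = make_details("Raju Mathur  <raju@xxxxxxx>", "rsa/768", "83e874dd",
                        "f2d44a2127b063ff15979dae9d40bcb8")
# Constructed: same user ID and key ID, different fingerprint, so do not sign.
WRONG_KEY = make_details("Raju Mathur <raju@xxxxxxx>", "RSA/768", "0x83E874DD",
                         "00 11 22 33 44 55 66 77  88 99 AA BB CC DD EE FF")

if __name__ == "__main__":
    for name, key in (("same key", SAME_KEY), ("wrong key", WRONG_KEY)):
        bad = mismatches(SHEET, key)
        print(name, "-> OK to sign" if not bad else f"-> do NOT sign: {bad}")
```
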
