Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenPGP Meetup

Posted by michael on from the key-signing dept.

An anonymous reader writes "Please mention the upcoming OpenPGP meetups, http://openpgp.meetup.com/. getting crypto out there into the mainstream is the only defence we have from outside interference." Consider it mentioned. I don't really know how getting together at local bar or whatever brings crypto "into the mainstream", but maybe you can sign the bartender's key or something.

2 of 24 comments (clear)

  1. I can see it now... by CustomFort · · Score: 3, Funny

    Me: Hey barkeep, pour me a
    -----BEGIN PGP MESSAGE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com qANQR1DBwU4Dycxpn5YWMKIQB/4jcQBenjBJUnUCg4BX7mSmJv fxGmKk4DaBoYCT mYyN2Psw/BF/vzodvEzX+BpbdFuhnDd4p5QQ0G9JMWlkAkmVPQ ZX4TWKN4Lmdpm7 Eu6x6tWRC+nSJze7+NfxX8mx/TyuhNKMucqEIfxut795ehc4Dz CBKqUsedWAa4XZ 1/T2mrLjCf5lhP4g26fFnXZvm2ME4SY3UM+HHAQmXABnuq5058 1owfCYfgXgc9Iu jRdlzhC/2VCHXgoy9e7FIquycedSyZWWTC4TI0YFbNJ0CW1L8e JF1AXwdzziWqsD KOu6Dkc6LGp9NEQTE4rCT95PNBvA8h2CvpS+nyW8dCYiyliMB/ 961qqP5+txodPM 8mpq3ZsOpZJ851BXjCfUsv5JcFa7eYQ/qdYnCw01fjcl2yPuWW Di+rgOCrZGCDyQ NX+2/X7evJZXKfX2EceHS0jX7LEQYY+jJ1QQS/NxL8DQOm+CKj 1STaj9zFlZiecF a6/XVCJn44pxbus0+deCH4tutBSZIMfZECYcPGPnSNG/dSRg/D uI73zlLW/Rq0w8 KnF6vvOibrodT7caa//ZSfQpcqUf5YAdncPTi02P+rS92ajQu6 j2q8SFh6HLI45R iK08HZNoy0ERg/Iy+L+AXn1Nvzs6PfrMEuV1LHQsIfi46Uoecs TZFqWOAcUKJ61h Esw0WHdsySjhQlfzNB4g8+Tp/m36kr7D3UdJi4nc/BYf8rwmen RX8k+tXXpcEjrb =m8C5 -----END PGP MESSAGE-----

    BarKeep: That'll be
    -----BEGIN PGP MESSAGE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com qANQR1DBwU4Dycxpn5YWMKIQB/4hSvhixkEZ+CYj4Ow+8fK+D4 EpBEqRFdiL09S6 XFVufOEDllOtctm4M/E7g2fu7znPc25b1sSNwOsMofcyXvQ5Sj PV7oo3Q4kEA+rz +dVt260nxrXQjxuSsl6kx6rxdoPii+jMyv7PH/ZDluDwOFDQB+ efs9NdYuwUnBB7 yBj6/9Fu+16uAQuY+Dnlia6kub9XNVGuH3dlgvYnDmT1Lk22a4 eKara0HBd4ZEV4 d3ObqK2uXjQfyvKbxQaIP3aNEFu/dpwkmKueIS7bW4YVeZpllb xFms2ORwKUpU8Z 5zEQnwax9KI9NFhQbMgiQzrYdUEi7GTtKdo0NIwGo04bhBsRB/ wIvYheeDy0JSvP 1swLLDVNzChvSwfJUoNZJPopJaA5VNx6S5gb5xZBy7krieCru+ Ll/FDHAUL08c2c ebURo1TYIK18jLxgXqdn0dVreNy1wdHOjEQcdo/eYY/2W6Z5SS yyUOrDUU+mO5RS yBrHo42JT/nlh+r5Ylq+KUeuvkZBamO1ITAVpuByrTFQsIShxB PdsWettSmjeM4v RabkYNO05GLxPI1DCPJrApDu1741ilKXj1FmqxKFzvPn+YypaY B7nNIzLyhAduiK H9I1gklvDmH3Ht/7OeZo4gGe7xO+K7AHz9oUdaKo/gC5do8eLe ExY8Nihx+ct02L u7+e5GOxySWpPzHvDd8rOcB2u566WlbYMcb5t/i6735sHRWjTt O9NoY0NOx2 =g4ea -----END PGP MESSAGE-----

  2. Aka "Pgp Key signing party" by hrarbinger · · Score: 3, Interesting
    Although the web page is sparse on details (I might go so far as to say completely devoid) this isn't a bad idea. Getting folks together to develop a web of trust is the whole point of the PGP model. The more people who have signed your key, the more likely you and someone you don't know will have a common person that you both do know who has signed your keys. Without ever directly meeting them, you can put your trust in the common associate and send encrypted messages or verify digital signatures.

    The problem is doing PGP signing the right way. I really suggest anyone attending one of these events take a look at web pages that describe "PGP Key Signing Parties" (just google, you'll find a bunch) to get the idea. In brief, to be absolutely sure that you trust a key belongs to someone, you need to verify the following:

    1. The key ID (2BCA871D for example)
    2. The key type (DSA, RSA, etc)
    3. The key bits (768, 1024, 2048)
    4. The key fingerprint (A028 82B4 14CC ...)
    Any one of these items can be forged while maintaining the others, so you need to verify them all.

    Now, the hard part is how do you verify that this human who has brought these bits of data is the actual human associated with the key? You can check their driver's license and things like that. But of course this is where it's much better to only sign keys of people you know, rather than just total strangers.