Slashdot Mirror


PGP @ LWCE

Fellow Debian Developer Jonathan Walther (aka SirDibos) asked me to post this. He has set up a document which explains the proper method for getting your PGP key signed. With Taco, Hemos, and others at LWCE, this is a great place to get your key signed. Read the document here. After the trojan scare a while ago, people need to be aware of proper security techniques. DCLUG and NOVALUG will begin signing keys shortly, as well.

14 comments

  1. One slight detail... by Anonymous Coward · · Score: 0

    You should make sure that you sign your key with itself.
    This avoids an obscure hole.

  2. Dump PGP by Anonymous Coward · · Score: 0

    Can we please dump PGP.. It's getting annoying!
    We need to switch to using GNUPG.

  3. Small detail by Anonymous Coward · · Score: 0

    The command-line PGP v6 is going to go back to the 2.x set of flags... just to break everyone's scripts AGAIN.

    sabi (machine containing my password is down...)

  4. still one thing though.. by Anonymous Coward · · Score: 0

    with articles like this, it gets too hmm.. detailed i guessed. what the hell does this do in the big picture? :) i guess the man page for individual commands might tell, but i think the biggest hurdle for most people is actually comprehending what is done with these keys. i still don't know exactly. the man pages are ok but how does 'pgpk - manages public and private keys' fit in the big picture. i dunno, i'm probably babbling. anyone else confused? someone just tell me to rtfm and i'll go boggle for an hour or two.

  5. PGP4Pine "howto"? Coming at ya by Anonymous Coward · · Score: 0

    Http://aard.myplace.org/pgp/

  6. Dump PGP: Can't Yet by Anonymous Coward · · Score: 0

    > Can we please dump PGP.. It's getting annoying!

    It would be nice, wouldn't it? All the more
    so because a company as lame as NAI now "owns"
    PGP. (Thank *you* P. Zimmermann!) Adding
    insult-to-injury: NAI has no commercial version
    of PGP (presently?) available for Unix variants,
    can not say when they will, and offers no way to
    license the non-commercial version(s) for
    commercial use.

    Typical level of competence and cluelessness for
    NAI. PGP is only one of the many products this
    company has absorbed and seems intent on
    destroying.

    Unfortunately, GnuPG is not Ready For Prime Time.
    It is riddled with bugs and can't even pass its
    own test suite on some platforms - core-
    dumping in the attempt. (Sparc Solaris, in
    particular.)

    So, much as it pains me to say it: we are stuck
    with PGP for a while yet.

  7. Date by Anonymous Coward · · Score: 0

    Wow, somebody messed up, it isn't Monday, February 29th! Oh well, big whoop really, just nobody else noticed it. Guess it really isn't that important.

  8. and why should we trust you? by pez · · Score: 1

    i mean how do we know that this isn't some deviant plot by microsoft and they gave you loads of money :)

  9. Darnit... by cduffy · · Score: 1

    ...I was hoping for info on getting my key signed by some trusted authority.

    Hmm... s'ppose I'll have to get around to my planned visit to the local notary-public offices (there are several around here). That or convince the local LUG to do an official key-signing... unfortunately, most of the officers consider PGP nothing but a pain.

  10. now i can sound smart by gavinhall · · Score: 1

    Posted by Assmodeus:

    wow..now i can sound smart to the people who ask me about pgp keys... whee...

  11. PGP key what is this for anyway? by josepha48 · · Score: 1

    .. okay this may seem like a stupid question, but I was always told that the only stupid question is the one not asked..

    what are the pgp keys for? why do I need one or do I? and should I download the keys with the 2.2.x kernels? and if so what should I do with them once I have them on my system?

    send mail here

    --

    Only 'flamers' flame!

  12. what day is it?! by Jose · · Score: 1

    the dates on this seem a little weird:
    Posted by Justin on Monday February 29, @11:00AM
    but the comments are dated:
    Monday March 01, @12:10AM
    a little weird =P

    (oh and local time here is 01:56 EST)

    --
    The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV

  13. Small detail by Straker Skunk · · Score: 1

    Might want to mention the new command convention in there... with the package I have (PGP 5.0), instead of pgp -kblah, pgp -vblah, it's pgpk -blah, pgpv -blah, etc.

    Still, though, very helpful! We need docs like this to get strong crypto to the masses. Now if only there were as good a HOWTO for pgp4pine....

    --
    iSKUNK!

  14. So don't trust them by Sir Spank-o-tron · · Score: 1

    Last I checked, you didn't care if the people who signed your key were actually trustworthy. You just want people to know your public key is what it seems to be. Key signing is a good way to get your key out there. Who cares who's got it? They can't do anything bad with my public key, other than say 'yah, I met this guy, and this is his key'.

    Spankmeister General

    --
    -- Spankmeister General