db2it <email@example.com> writes: > OK, I'll be there with my passport : not US paranoia compatible, but > good enough for the rest of the world !!! > > My fingerprints are permanently attached <G>. But I'll need help > setting up an electronic one (I assume that is what you mean). firstname.lastname@example.org ~ > gpg --fingerprint email@example.com pub 1024D/015B8928 2003-10-15 Andrew Aylett <firstname.lastname@example.org> Key fingerprint = 9286 E78D A094 C4A2 50EC E2FD 2A49 CA50 015B 8928 sub 1024g/99271963 2003-10-15 You will need to bring at least one copy of the key fingerprint (the 40 digit string), probably better to bring several as it'll be easier to give people a copy you've printed out than for them to copy the fingerprint by hand. Of course, if you're going to generate the key while you're there, then people can just read it off the screen. That's not recommended though -- conventional (paranoid) wisdom is that it's not a good idea. In <http://www.cryptnet.net/fdp/crypto/gpg-party.html> V. Alex Brennen writes: > You should not bring a computer to the party because binary > replacement or system modifications are very easy ways to compromise > PGP systems. > > If someone where to bring a portable computer and everyone used that > computer to sign the other keys at the party, no one would know if the > machine had been running a key stroke logging utility, a modified > version of GPG,a modified version of the Linux kernel, or a specially > modified keyboard, any of which could be used to capture the secret > keys of those who used the computer. > > The use of a computer at the party would also leave you open to more > simple attacks like shoulder-surfing, or more complex attacks like > weak secret key generation, secret key modification, or even infection > with virii that modify your GPG binaries to leak future secret keys > discretely. If you're going to be paranoid enough to want to store your key on a USB dongle, you're probably paranoid enough to not generate it in a public place... It might be better to find out how then to do it at home, get folks to sign the key next month. That's probably approaching an impractical level of paranoia, however. Unfortunately, I'm not going to be around tonight, otherwise I'd sign your key and get you to sign mine... I could do with some signatures :-). OK, -- Andrew Aylett | www.aylett.co.uk | 1.79 x 10^12 furlongs per fortnight... email@example.com | answer==42 | -- it's not just a good idea, it's the law!
Description: PGP signature
This archive is kept by firstname.lastname@example.org.DONTSPAMME||homepage|