octave-maintainers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OctConf 2014] OpenPGP key signing anyone?

From: Juan Pablo Carbajal
Subject: Re: [OctConf 2014] OpenPGP key signing anyone?
Date: Wed, 17 Sep 2014 17:22:02 +0200 
On Wed, Sep 17, 2014 at 5:15 PM, Mike Miller <address@hidden> wrote:
> [Trimming help@ from cc]
>
> On Wed, Sep 17, 2014 at 16:14:56 +0200, Juan Pablo Carbajal wrote:
>> On Wed, Sep 17, 2014 at 3:34 PM, Mike Miller <address@hidden> wrote:
>>> hard copies of your key fingerprint
>>
>> Sorry for my ignorance. what would a that hard copy be?
>> Is not that I am going, but as you noticed I do not know much about
>> this phenomenon.
>
> No problem, happy to answer questions. What I mean is to bring slips
> of paper with the details of your OpenPGP key fingerprint and UIDs,
> preferably enough to hand out to however many people you would expect
> to interact with.
>
> If there had been more interest, I would have coordinated by
> collecting everyone's key information over email and sending out a
> single document that contains all the keys so everyone doesn't drown
> in little pieces of paper.
>
> The actual in person exchange and verification of keys between two
> people requires no computer, just one or more photo IDs and slips of
> paper from each party with the output of `gpg --fingerprint`. Let's
> say you hand me a piece of paper that has your key's fingerprint and
> your name and email address(es) associated with the key (exactly what
> `gpg --fingerprint` produces) and a photo ID or two. I will try to
> verify that the photo ID matches the person standing in front of me,
> and that the legal name on the photo ID matches the name(s) on the
> key. If everything looks good, I return your photo ID, keep the paper,
> make a note that everything checks out, and then later I can digitally
> sign your key at a computer that I trust.
>
> Signing involves downloading your key from a public key server, making
> sure that the fingerprint from the downloaded key exactly matches what
> was on the slip of paper you handed me, and then using gpg or other
> program to sign the key and send it back to you or to a key server. By
> signing your key, I am indicating that (1) I trust that a signature
> made with your key from your email address was actually signed by you
> and no one else, and that (2) I trust that I can send something
> encrypted to your key and email address and it will only be able to be
> decrypted by you and no one else.
>
> --
> mike

Thank you so much Mike, I will check if there is signing event around
here. Wasn't this somehow missing in the infographics?
https://emailselfdefense.fsf.org/en/infographic.html
I realized that it is in the full guide but just at the very bottom
(and I am not sure it was there first time I read it)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]