Difference between revisions of "GnuPG"
Jump to navigation
Jump to search
Line 19: | Line 19: | ||
gpg-key2ps 9ad7e3db |ps2pdf - 9ad7e3db.pdf |
gpg-key2ps 9ad7e3db |ps2pdf - 9ad7e3db.pdf |
||
+ | * But after all how was produced the list of fingerprints from the organizer? I created a script to generate such list: |
||
+ | <pre> |
||
+ | #!/bin/bash |
||
+ | |||
+ | # License: GPLv3 |
||
+ | # Copyright Philippe Teuwen <phil a teuwen o org> 2008 |
||
+ | if [[ $# -ne 5 ]]; then |
||
+ | cat <<EOF |
||
+ | Usage: $0 input output datestring organizer title |
||
+ | Or: $0 - output datestring organizer title |
||
+ | to read from STDIN |
||
+ | Example: |
||
+ | echo 9AD7E3DB 54C12701 |\\ |
||
+ | $0 - ksp-file.txt "20080222 1100" "Philippe Teuwen <phil a teuwen o org>" "my party 08" |
||
+ | EOF |
||
+ | exit 0 |
||
+ | fi |
||
+ | |||
+ | input="$1" |
||
+ | [ "$input" == "-" ] && input=""; |
||
+ | output="$2" |
||
+ | date="$3" |
||
+ | org="$4" |
||
+ | title=$(echo "$5"|tr a-z A-Z|sed 's/\(.\)/\1 /g') |
||
+ | |||
+ | exec > "$output" |
||
+ | |||
+ | # Date of event |
||
+ | LANG=C date --date="$date" +"%A, %B %e, %Y; %H:%M" |
||
+ | # Organiser contact |
||
+ | printf "%80s\n\n\n" "$org" |
||
+ | # Title |
||
+ | printf "%*s\n\n" $(((72+$(echo "$title"|wc -c))/2)) "$title" |
||
+ | # Header |
||
+ | cat <<EOF |
||
+ | List of Participants (v 1.0) |
||
+ | |||
+ | |||
+ | Here's what you have to do with this file: |
||
+ | (1) Print this file to paper. |
||
+ | (2) Compute this file's MD5 checksum and optionally also its SHA1 checksum. |
||
+ | gpg --print-md md5 $output (or use md5sum) |
||
+ | gpg --print-md sha1 $output (or use sha1sum) |
||
+ | (3) fill in the hash values on the printout. |
||
+ | (4) Bring the printout, a pen, and proof of identity to the keysigningparty (and be on time!). |
||
+ | |||
+ | MD5 Checksum: __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ [ ] |
||
+ | |||
+ | |||
+ | |||
+ | SHA1 Checksum: ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ [ ] |
||
+ | |||
+ | |||
+ | |||
+ | |||
+ | EOF |
||
+ | |||
+ | k=0; |
||
+ | for i in $(cat $input); do |
||
+ | k=$(($k+1)); |
||
+ | printf "\n%03d [ ] Fingerprint OK [ ] ID OK\n" $k; |
||
+ | gpg --fingerprint $i|grep -v "^sub"; |
||
+ | done |
||
+ | </pre> |
||
===After the signing party=== |
===After the signing party=== |
||
* I clean the list ksp-fosdem2008.txt to keep only those I met. |
* I clean the list ksp-fosdem2008.txt to keep only those I met. |
Revision as of 19:46, 24 February 2008
Notes on signing-parties
There are some useful tools in Debian:
apt-get install signing-party
Here is an example based on my participation to the keysigning-party of FOSDEM 2008
- Importing keys: the organizer provided a file with all the keys exported
tar xzvf keys.tgz for i in keys/*; do gpg --import $i;done
- Preparing the given list of keys: the organizer provided a list such as in the examples provided here: /usr/share/doc/signing-party/gpgsigs/examples/. To prepare that file, compute its checksums and add the pictures when possible:
gpgsigs --latex 9ad7e3db ksp-fosdem2008.txt ksp-fosdem2008 latex ksp-fosdem2008 dvips ksp-fosdem2008.dvi ps2pdf ksp-fosdem2008.ps > ksp-fosdem2008.pdf
- Preparing a stock of our own fingerprints, in case of...
gpg-key2ps 9ad7e3db |ps2pdf - 9ad7e3db.pdf
- But after all how was produced the list of fingerprints from the organizer? I created a script to generate such list:
#!/bin/bash # License: GPLv3 # Copyright Philippe Teuwen <phil a teuwen o org> 2008 if [[ $# -ne 5 ]]; then cat <<EOF Usage: $0 input output datestring organizer title Or: $0 - output datestring organizer title to read from STDIN Example: echo 9AD7E3DB 54C12701 |\\ $0 - ksp-file.txt "20080222 1100" "Philippe Teuwen <phil a teuwen o org>" "my party 08" EOF exit 0 fi input="$1" [ "$input" == "-" ] && input=""; output="$2" date="$3" org="$4" title=$(echo "$5"|tr a-z A-Z|sed 's/\(.\)/\1 /g') exec > "$output" # Date of event LANG=C date --date="$date" +"%A, %B %e, %Y; %H:%M" # Organiser contact printf "%80s\n\n\n" "$org" # Title printf "%*s\n\n" $(((72+$(echo "$title"|wc -c))/2)) "$title" # Header cat <<EOF List of Participants (v 1.0) Here's what you have to do with this file: (1) Print this file to paper. (2) Compute this file's MD5 checksum and optionally also its SHA1 checksum. gpg --print-md md5 $output (or use md5sum) gpg --print-md sha1 $output (or use sha1sum) (3) fill in the hash values on the printout. (4) Bring the printout, a pen, and proof of identity to the keysigningparty (and be on time!). MD5 Checksum: __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ [ ] SHA1 Checksum: ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ [ ] EOF k=0; for i in $(cat $input); do k=$(($k+1)); printf "\n%03d [ ] Fingerprint OK [ ] ID OK\n" $k; gpg --fingerprint $i|grep -v "^sub"; done
After the signing party
- I clean the list ksp-fosdem2008.txt to keep only those I met.
- I extract the fingerprints
cat ksp-fosdem2008-ok.txt |grep fingerprint|sed 's/^.*= //;s/ //g'> ksp-fosdem2008-finger.txt
- I configure caff, the first time it creates a template in ~/.caffrc which was nearly ok, I let only my usual public key, told to encrypt also for that key, activated the default email template, chose agpg as signing gpg program and finally chose a public keyserver:
$CONFIG{'local-user'} = [ qw{7A135F579AD7E3DB} ]; $CONFIG{'also-encrypt-to'} = [ qw{7A135F579AD7E3DB} ]; $CONFIG{'gpg-sign'} = '/usr/bin/agpg'; $CONFIG{'keyserver'} = 'wwwkeys.pgp.net';
- I could not get caff working until I finally copied ~/.gnupg/pubring.gpg and ~/.gnupg/trustdb.gpg to ~/.caff/gnupghome/ then everything worked including import of new keys from the keyserver.
- Signing only:
caff --no-download --no-export-old --no-mail $(cat ksp-fosdem2008-finger.txt) yes / save (check twice the uids as you could have forgotten to remove it in ksp-fosdem2008-ok.txt)
- Sending emails:
caff --no-download --no-sign --no-export-old $(cat ksp-fosdem2008-finger.txt)
- I got some undeliverable emails, some obviously being jabber ids, so I recovered the email content from ~/.caff/keys/2008-02-24 and sent it over jabber.
- Short way for a professional signing-party using an internal keyserver:
for i in 96C896AC A66BEE0A 1123D169 FE26A072 FB3D346D EA7164CE; do gpg --recv-key $i; agpg -u teuwen@nxp --sign-key $i; gpg --send-key $i; done
- In case you mistype your passphrase with quintuple-agent (agpg), you've to delete the stored passphrase before trying again:
q-client list q-client delete 54C12701
- Check who has signed your key:
gpglist 9AD7E3DB