[conspire] Offering GPG/PGP Workshop at CABAL
mark at weisler-saratoga-ca.us
Fri May 16 20:54:19 PDT 2008
On Friday 16 May 2008 20:06:14 K Sandoval wrote:
> To: Mark Weisler
> cc: conspire
> > > What to Bring.
> > > Bring the Linux or Macintosh computer on which you intend to use GPG
> > > for secure communications and storage.
> I will bring my thinkpad. Can I use the same key for my laptop and my
> two desktop drives?
But I believe you mean keys (plural). You will have a public key and a private
key. You can have them both on as many computers as you want but you should
keep control of the computers containing your private key. I'll go into how
to move your keys around but that has to be done carefully lest the private
key fall into the wrong hands.
> >>As an option, you could bring some form of identification with your
> >> photograph
> Should I scan my drivers license picture, or select a picture I
> already have scanned?
It can be any picture that you like, probably mostly a head shot, probably not
something scanned as that might tend to be lossy. The issue is to have a
picture that people can use to remember and recognize you. Think "mug shot"
and full-frame photography.
> Is there a file size restriction on the picture?
I'm not sure off-hand. I don't think there is. It seems like if you give it a
high resolution photo image, GPG/PGP will process it down to a resolution and
size it likes.
> Is there a file format preference?
Again, don't know off-hand. We'll work that out though, no problem.
> > > exchange information (including public encryption keys). More on that
> > > at the workshop (you'll read about that in Rick's material-it's called
> > > a key signing event or party).
> Should I try to perform the steps for generating keys, or can I
> generate the keys at the workshop?
Sure, if you have time explore. There are several good tutorials out there
including Brenno DeWinter's
Also there are some GUI interfaces to GPG and we will demonstrate how gnome
and KDE have GUI tools making GPG easier to use than the command line. Rick
recently commented on the lack of user-friendliness of GPG in the command
line interface and he's quite right. That's why the GUI interfaces have
gained popularity. It's also why commercial firms like PGP are
successful-they make crypto easier to use.
> What if I generated keys previously, over a year ago and lost all the info?
We'll just generate new keys including revocation keys. And review how to care
for them including putting them on a CD you can keep in a safe place.
We can test and make keys til the cows come home-so to speak- but what counts
is when we start giving other people our key and start using crypto. You
don't want to change keys often and force your correspondents to update
keyrings with a new key for you and then also find that your old key is no
longer valid and revoked.
So, make keys and explore but be careful about giving out a key or putting it
on a server until you are comfortable that you know what you are doing and
can properly care for your keys.
> I think it might be linked to either my gmail email or my yahoo email
> address. I think it was a PGP key? How do I find out the status of this
> previously created key?
The best thing would be to try to find your keyring. It will contain your
public and private keys and is usually at ~/.gnupg
You might very well be able to use keys they keys you made a while back.
But you could also make keys for fictional people or deceased ancestors as a
> > > OK, let's plan on June 28th.
> > > I'll post more information as the date approaches.
> Ms.Kai Sandoval
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part.
More information about the conspire