CryptopartyForInstructors/5
From Hackerspace Brussels
Test PGP key signing party[edit]
Going over the flow of a key signing party.
- what flows and/or protocols can be used?
- what tools can be used as a organizer (some participant tools offer at least some organizer stuff)
- what tools can be used as a participant
- caff, available in signing-party or pgp-tools packages
- pius, a python alternative to caff
Useful links provided by Dimi:
An in depth howto for organising a key signing party: http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html Resources (like slides and artwork) for organising a Cryptopoarty: https://www.cryptoparty.in/resource Short text about keysigning party: http://wiki.openrightsgroup.org/wiki/Keysigning_parties#How_to_take_part A good step-by-step how-to on using PGP (for end users): https://help.riseup.net/en/security/message-security/openpgp A good e-book (for end users) on online security in general, also covering PGP: https://basicinternetsecurity.org/ EFF's intoduction to PGP (for end user): https://ssd.eff.org/en/module/introduction-public-key-cryptography-and-pgp I wouldn't be up for organising a full on keysigning party using the Zimmermann Sassaman key signing protocol as it is a lot of work and only really useful if there are a lot of people participating, like at FOSDEM or something similar. I would go for the informal party or list based if there are more people interested in participating: http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#choose_party_type Great comic on the subject: https://xkcd.com/364/
Key signing tools
caff http://pgp-tools.alioth.debian.org/ caff is perl and was a pain to install on my system, ymmv. pius http://www.phildev.net/pius/ lighter python alternative to caff (jeroen: I haven't been able to get it to work yet :) https://sourceforge.net/p/pgpius/bugs/18/ --> gpg2 is to blame, should work with gpg1) This guy also wrote an easy to understand "walkthrough" of pgp: http://www.phildev.net/pgp/ monkeysign more for adhock signing with uid verification (which pius also makes easy)
Password - passphrase management:
Choosing a good passphrase (in stead of password): http://www.iusmentis.com/security/passphrasefaq/ Choosing a good password by Bruce Shneier himself: https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html