CryptopartyForInstructors/5
From Hackerspace Brussels
Test PGP key signing party
Going over the flow of a key signing party.
- what flows and/or protocols can be used?
- what tools can be used as an organizer (some participant tools offer at least some organizer stuff)
- what tools can be used as a participant
  - caff, available in the signing-party or pgp-tools packages
  - pius, a Python alternative to caff
Useful links provided by Dimi:
- An in-depth howto for organising a key signing party: http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
- Resources (like slides and artwork) for organising a Cryptoparty: https://www.cryptoparty.in/resource
- Short text about keysigning party: http://wiki.openrightsgroup.org/wiki/Keysigning_parties#How_to_take_part
- A good step-by-step how-to on using PGP (for end users): https://help.riseup.net/en/security/message-security/openpgp
- A good e-book (for end users) on online security in general, also covering PGP: https://basicinternetsecurity.org/
- EFF's introduction to PGP (for end users): https://ssd.eff.org/en/module/introduction-public-key-cryptography-and-pgp
I wouldn't be up for organising a full-on keysigning party using the Zimmermann-Sassaman key signing protocol as it is a lot of work and only really useful if there are a lot of people participating, like at FOSDEM or something similar. I would go for the informal party, or list-based if there are more people interested in participating: http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#choose_party_type
- Great comic on the subject: https://xkcd.com/364/
Key signing tools
- caff: http://pgp-tools.alioth.debian.org/ caff is Perl and was a pain to install on my system, YMMV.
- pius: http://www.phildev.net/pius/ lighter Python alternative to caff (jeroen: I haven't been able to get it to work yet :) https://sourceforge.net/p/pgpius/bugs/18/ --> gpg2 is to blame, should work with gpg1). This guy also wrote an easy to understand "walkthrough" of PGP: http://www.phildev.net/pgp/
- monkeysign: more for ad hoc signing with uid verification (which pius also makes easy)
Password - passphrase management:
- Choosing a good passphrase (instead of a password): http://www.iusmentis.com/security/passphrasefaq/
- Choosing a good password, by Bruce Schneier himself: https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html