PyLadies PyCon GPG Key Signing Par-Tay

key_signing.md

GPG Key Signing

follow online: pyladi.es/gpg-key-party

Prep

Download & Setup Required Software

• Mac OS X: GPG Suite - follow their download & installation instructions
• Linux:
  • First see if you already have it, which is most likely: Try running gpg --help.
  • If an error occurs:
    • Debian/Ubuntu: sudo apt-get install gnupg
    • Fedora/Red Hat: sudo yum install gnupg
  • Try gpg --help again after installation
• Windows: gpg4win
  • Follow their download & installation instructions, note where you installed the program, e.g. C:\Program Files\GNU\GnuPG\
  • Add the executable to your environment variable path:
    • Go to My Computer > Properties > Advanced > Environment Variables > Path
    • Edit path by adding the full path to the gpg.exe file (e.g. C:\Program Files\GNU\GnuPG\gpg.exe)

Generate Your Key Pair

When generating keys, be sure to use these when prompted (following OpenPGP's best practices):

Variable	Attribute
Key Type	RSA and RSA (default)
Key Length	4096 bits
Key Expires	2 years (or less)
Upload to keyserver	yes
Keyserver	hkps://hkps.pool.sks-keyservers.net

NOTE: Be sure to also create a super secure passphrase, (and perhaps save it to a password manager).

• If you prefer doing this via a GUI:

  • Windows: Follow Create a Key pair
  • Mac OS X: Open up "GPG Keychain" application and follow the "Create a new key" section from here
  • Linux: Follow the GNOME or KDE instructions

• Or, via the Command Line (for every OS), and work through the prompts with the values in the above table:

gpg --gen-key

Send Key to Keyserver

• Command Line:

# replace KEYNAME with your fingerprint
gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key KEYNAME

• GUI:

  • Windows - Follow Sending your key to a keyserver instructions
  • Mac OS X:
    • In your Preferences (GPG Keychain > Preferences) be sure to set "hkps://hkps.pool.sks-keyservers.net" as your key server.
    • Follow "2.1 Key Server" under Sharing your public key
  • Linux - GNOME, KDE

Sign

1. Meet a new friend!
2. Confirm identities with each other (passport, ID)
3. Exchange each other's Key Fingerprints
4. Run the following commands:

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net <LAST_8_FINGERPRINT_DIGITS>
$ gpg --fingerprint <LAST_8_FINGERPRINT_DIGITS>
# Check if the fingerprint given matches what your new friend gave you
# if it doesn't match...run!
# if all okay:
$ gpg --sign-key <LAST_8_FINGERPRINT_DIGITS>
$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key <LAST_8_FINGERPRINT_DIGITS>

High five! Then find a new friend!

OPTIONAL: Generate a back up

NOTE Before exporting to create a back up, it may be best to have a USB drive handy so the backup is not on your machine.

NOTE If you do save your back up to a USB, be sure to keep it safe and secure!

• Command Line:

# replace email and file name with your details
# if saving to USB, put full path to USB
gpg --export-secret-keys --armor [email protected] > jqdoe-privkey.asc

• GUI:
  • Windows - follow these export instructions and save the back up to your desired location (e.g. your USB).
  • Mac OS X - follow "Backup a Single Key"
  • Linux - GNOME, KDE