| <fl_b_b> | daniel: we'll be home in time for your shindig. anything we need to know/bring? |
| <fl_b_b> | (besides the warm florida sunshine on our backs, that is.) |
| <phil_tty> | PGP keys! |
| <phil_tty> | Well, key IDs and fingerprints. |
| <fl_b_b> | phil_tty: I have neither. |
| <phil_tty> | Just yourself, then. |
| <fl_b_b> | phil_tty: should throw a PGP tutorial for folks who have never used it before. |
| <fl_b_b> | and at the end, have a keysigning. |
| <phil_tty> | dan's decided that everyone with PGP keys needs to bring their information to the gathering so he can get signatures before heading off to israel. |
| <phil_tty> | fl_b_b: I just did exactly that for BaltoLUG a couple of months ago. |
| <phil_tty> | But I've also volunteered to do another for UMBC LUG. |
| <fl_b_b> | yeah! |
| <daniel> | fl_b_b: we can make you a PGP at the party |
| * daniel | waves his magic wand |
| <fl_b_b> | but I don' |
| <daniel> | fl_b_b: you are a PGP key |
| <daniel> | *poof8 |
| <fl_b_b> | t want to be a PGP! |
| * fl_b_b | runs around, looking for things to unlock |
| <phil_tty> | daniel: No. Bad. Should only handle the private on your own, presumably trusted, computer. |
| <phil_tty> | s/private/private key/ |
| * fl_b_b | tries to unlock grok_grok |
| <daniel> | phil_tty: well, ok. he could ssh into his own machine. but preferably not. |
| * grok_grok | is protected with 128 bit encryption |
| <phil_tty> | daniel: What about that keystroke logger I installed on your laptop? |
| * daniel | can't understand a work grok_grok says |
| <daniel> | phil_tty: we won't tell him about that |
| <phil_tty> | daniel: Oh, ok. |
| * fl_b_b | doesn't have the level of paranoia he needs to maintain a set of pgp keys, methinks. |
| <phil_tty> | There are days I worry that I'm not paranoid enough. |
| <phil_tty> | But that may just be the paranoia talking. |
| <daniel> | fl_b_b: it's not about paranoia. it's about having a signature |
| <fl_b_b> | *gasp* |
| <fl_b_b> | watch out dan...almost used a buzzword. |
| <phil_tty> | daniel: But paranoid about signature. Because once it's compromised so's your identity. |
| * grok_grok | downloaded gpg the other day |
| <grok_grok> | but i have yet to actually make a key |
| <phil_tty> | Making the key is easy. |
| <grok_grok> | i read the README and that |
| * fl_b_b | has debian on beefeater now, so relatively easy to install gpg. |
| <phil_tty> | Managing your keys is a little more challenging, but not too hard. |
| <grok_grok> | but i don't really have a use for a key |
| <grok_grok> | oh well |
| <grok_grok> | donno why i d/l ed it |
| <phil_tty> | grok_grok: Use for a key: encryption. |
| <daniel> | fl_b_b: don't try to trivialize pgp. it's foolish to think that you will never ever want to encrypt something for transfer to someone else. |
| * phil_tty | 's goal is to convince everyone he knows to use PGP and never send an unencrypted personal email again. |
| <grok_grok> | lol |
| <grok_grok> | i have never sent something over the internet that i would care if it got intercepted |
| <fl_b_b> | daniel: I never thought that. I can still poke fun. :) |
| <grok_grok> | cept maybe my parent's credit card |
| * She-Ra | would be interested in learning how to use it, if someone feels like showing |
| <phil_tty> | Because when I write letters, I put them in an envelope. I don't write them on postcards, even if the contents are innocuous. |
| <grok_grok> | (but it only has a $500 limit) |
| <She-Ra> | grok_grok : steal dad's! rack up muchos money! |
| * CowBot | reminds phil_tty about tutorial. |
| <daniel> | fl_b_b: you can't wait till you want to encrypt something. by then you won't have time to do the grunt work of key creation and signing and all that. |
| * phil_tty | reminds CowBot to remind She-Ra. |
| * CowBot | grazes contentedly |
| <grok_grok> | does mandrake come with gpg? |
| <phil_tty> | grok_grok: I would be surprised if it didn't. |
| <She-Ra> | grok_grok : yepper |
| <fl_b_b> | daniel: once I learn gpg, I'll set it up on beefeater for all users to use. |
| <fl_b_b> | but I'm not worried about it until I get around to learning it. |
| <daniel> | fl_b_b: just ssh into beefeater now and let phil guide you through the steps of key creation |
| * phil_tty | could. |
| <phil_tty> | She-Ra: You too? |
| <She-Ra> | phil_tty : okey |
| %%% | forward.openprojects.net changed the topic on #UMBCLinux to Impromptu PGP tutorial! Whee! |
| * She-Ra | needs all the help she can get |
| <phil_g> | Step 1: install GPG. |
| <She-Ra> | check |
| <phil_g> | Package in debian is gnupg. |
| <fl_b_b> | installing. |
| <She-Ra> | prompted to type message |
| <fl_b_b> | 'sok, gnupg is set up. |
| <phil_tty> | Ok. command: |
| <phil_tty> | gpg --gen-key |
| <fl_b_b> | (as user?) |
| <phil_tty> | This will start you on your path to PGP. |
| <phil_tty> | Yes, run that as your normal user. |
| <phil_tty> | It will ask you what kind of key you want. Use the default. |
| <She-Ra> | ye.s, which? |
| <She-Ra> | ah |
| <phil_tty> | Default is "(1) DSA and ElGamal (default)" |
| <She-Ra> | default size? |
| <phil_tty> | 1024bits is a reasonable size. |
| <phil_tty> | Use 2048 if you're really paranoid. |
| <phil_tty> | It's easiest to not use an expiration date. |
| <grok_grok> | gee, i suppose they COULD use a supercomputer to try to crack it... |
| <phil_tty> | grok_grok: A 2048bit key is basically future-proofing. You'd use it for stuff you want to remain secure for a _long_ time. |
| <phil_tty> | (And hope that no one finds mathematically faster ways to brute-force keys. |
| <phil_tty> | ) |
| <She-Ra> | comment? |
| <phil_tty> | Ok. Name is your name. |
| <phil_tty> | It should be at least your first and last name. Abbreviations are ok if they're reasonably unambiguous. |
| <fl_b_b> | ok, I'm up to the byte generation. |
| <phil_tty> | Email address shoudl be fairly explanatory. |
| <phil_tty> | Comment you probably needn't worry about. |
| <She-Ra> | oh, okey, so nothing? |
| <phil_tty> | The comment field is for clarifications about the key. |
| <phil_tty> | For example, if you have several keys, you would have comments indicating the differences between them. |
| <fl_b_b> | Not enough random bytes available. Please do some other work to give |
| <fl_b_b> | the OS a chance to collect more entropy! (Need 300 more bytes) |
| <grok_grok> | type some random keys |
| <grok_grok> | give /dev/random some input |
| <grok_grok> | i think CTRL, and ALT work best |
| <phil_tty> | example: mike_home has at least two keys (more, actually, I think), but only one of them is for personal use. |
| <phil_tty> | Passphrase. |
| <phil_tty> | This can be (and should be) an actual phrase. |
| <phil_tty> | You want a good number of letters to increase the entropy in the passphrase. |
| <She-Ra> | yay! |
| <phil_tty> | However, you also want it to be something that you'll remember and not have trouble typing. |
| <She-Ra> | now that i have one . . . |
| <mike_home> | phil_tty: at least 5... |
| <phil_tty> | Now, do as it says and type and move the mouse and stuff. |
| <mike_home> | of course, i gen one each time i start a new job |
| <phil_tty> | Now you have a key, but you're not done yet. |
| <phil_tty> | First, run 'gpg --list-keys' and admire your nre public key. |
| <phil_tty> | s/nre/new/ |
| <phil_tty> | It should look something like |
| <phil_tty> | pub 1024D/A5828A4D 2001-12-07 phil Gregory <moo@moo.org> |
| <phil_tty> | sub 1024g/759E578C 2001-12-07 |
| <CowBot> | Moo. |
| <phil_tty> | The keyid is the number after the first slash (A5828A4D in my example). |
| <phil_tty> | This is important because it uniquely identifies your key. |
| <fl_b_b> | argh. |
| * fl_b_b | beats head on keyboard. |
| * She-Ra | is suprised that she did something right for once |
| <mike_home> | ? |
| <fl_b_b> | having trouble actually generating key...I'm not random enough. |
| <phil_tty> | If you run gpg and give it a name or email address it'll match that against all of your keys, but you should always use the keyid when you want to be sure you're getting a specific key. |
| <phil_tty> | fl_b_b: scp something or start downloading something. |
| <phil_tty> | network activity generates lots of interrupts. |
| <phil_tty> | We''l wait for r_g to catch up. |
| <fl_b_b> | downloading 2.4.16. |
| <phil_tty> | Heh. |
| <phil_tty> | You in X? |
| <fl_b_b> | no. |
| <fl_b_b> | console. |
| <fl_b_b> | because ssh. |
| <fl_b_b> | gpg doesn't seem to be responding. |
| <fl_b_b> | locally, I'm in x. |
| <phil_tty> | Is gpm running? |
| <fl_b_b> | there we go. |
| <phil_tty> | Ah. |
| <phil_tty> | Remote computer. So moving mouse and typing won't be generating entropy on that computer. |
| <phil_tty> | Done? |
| <fl_b_b> | public and secret key created and signed. |
| <phil_tty> | Ok. |
| <phil_tty> | Run 'gpg --list-keys' and admire your new public key. |
| <fl_b_b> | just did. |
| <fl_b_b> | yay. |
| <phil_tty> | ALso note the key id. |
| <phil_tty> | We'll use the key id in future commands to be unambiguous. |
| <phil_tty> | Next step is to upload the key to a public keyserver. |
| <fl_b_b> | key id meaning pub and sub? |
| <mike_home> | phil_tty: already sent him a handy script to send it to ALL the servers :-) |
| <phil_tty> | The keyservers serve public keys, so that anyone who wants to send you something encrypted or verify your signature can easily get your public key. |
| <phil_tty> | mike_home: Oh, nifty. Could you send that to phil_g, too? |
| * She-Ra | raises her hand too |
| <fl_b_b> | She-Ra: I forwarded mine to you. |
| <phil_tty> | Well, the command, anyway, is 'gpg --keyserver wwwkeys.pgp.net --send-keys <key id>' |
| <phil_tty> | wwwkeys.pgp.net is a round-robin DNS name for the main set of OpenPGP keyservers. |
| <fl_b_b> | phil_tty: what's the keyid again? |
| <She-Ra> | fl_b_b : merci |
| <phil_tty> | Ok. When you run 'gpg --list-keys' you'll get something like |
| <phil_tty> | pub 1024D/A5828A4D 2001-12-07 phil Gregory <moo@moo.org%gt; |
| <phil_tty> | sub 1024g/759E578C 2001-12-07 |
| <fl_b_b> | right. |
| <phil_tty> | The keyid is the number after the first slash (A5828A4D in my example). |
| <fl_b_b> | ah. |
| <phil_tty> | Ok. Now the key is on one (or more, if you use mike's script) of the public keyservers. |
| <phil_tty> | In a day or so, it'll have propogated to the others. |
| <fl_b_b> | so are both keys ok to send? |
| <phil_tty> | fl_b_b: Both keys? |
| <fl_b_b> | the pub and sub keys. |
| <daniel> | ! |
| <phil_tty> | The sub is a subkey of your main key. Where the main one goes, so go its subkeys. |
| <She-Ra> | okay, so did all that . . . now what? |
| <phil_tty> | Now, two things. |
| <phil_tty> | One, you can sign emails and receive encrypted email. |
| <phil_tty> | Two, you want to get people to sign your keys. |
| <phil_tty> | But let me go over signing first. |
| <phil_tty> | Suppose you really like shrimp. Or say you don't like shrimp at all. Wait--wrong hypothetical situation. |
| <fl_b_b> | cheeeeeese. |
| <She-Ra> | miiiilk |
| <Morty> | Shrimp world! |
| * daniel | conjures up a dimension made entirely of shrimp |
| <phil_tty> | Suppose I grab a key off a public keyserver that claims it belongs to Steve Killen. (Did I spell your last name correctly?) How do I know that it _really_ belongs to Steve and not to someone else pretending to be him. |
| <daniel> | yes, spelled correctly |
| %%% | Morty (fwuser2@cc603648-a.catv1.md.home.com) changed to Steve_Killen. |
| <Steve_Killen> | No, that really is my key! |
| <fl_b_b> | hey! |
| <phil_tty> | The solution PGP takes to this is the signing of keys. |
| %%% | Steve_Killen (fwuser2@cc603648-a.catv1.md.home.com) changed to Morty. |
| <phil_tty> | Much like you can sign an email, claiming that it really came from you, you can sign a public key, claiming that it really does belong to the person it claims to belong to. |
| <mike_home> | fl_b_b: the "sub" key is the signing portion of the key. gpg will be smart enough to figure out you mean the "pub" |
| <phil_tty> | My key is signed by ray_. Suppose you had a copy of ray_'s public key and both trusted that that was really his public key and that he can reasonably vouch vor the validity of my key. |
| <phil_tty> | s/vor/for/ |
| <fl_b_b> | why, and how, would I get other people's public keys? |
| <She-Ra> | key signing! |
| * fl_b_b | is talking about every day usage here. |
| <tim_home> | fl_b_b: keyservers |
| <phil_tty> | Then, you'd grab my key off a keyserver and check ray_'s signature on my key. If it's valid, then you could trust that my key really is mine, even if you never exchanged key information with me directly. |
| <daniel> | fl_b_b: some people include their public key in their email sigs |
| <phil_tty> | day-to-day usage, you'd get public keys off keyservers. |
| <fl_b_b> | daniel: I may do that. |
| <phil_tty> | daniel: They shouldn't. They should only provide key id and fingerprint. |
| <daniel> | fl_b_b: you can also get them off emails that people have signed |
| <phil_tty> | PGP keys are way too large for sigs. |
| <phil_tty> | daniel: No. |
| <phil_tty> | You can get the key id off the signature. You still have to grab the key from a keyserver. |
| <daniel> | i dont' mean key |
| <fl_b_b> | <shrug> |
| <daniel> | i mean to say "public fingerprint" |
| <fl_b_b> | whatever you guys mean. I'm still sort of confused about the whole mess :) |
| <phil_tty> | Anyway, You probably shouldn't really trust random keys off keyservers for anything important. |
| <She-Ra> | how do i do that? |
| <daniel> | sorry. important distinction. |
| <fl_b_b> | I'll bring my key to daniel's shindig. |
| <phil_tty> | Now we get into key signing and the "web of trust". |
| <fl_b_b> | can I put it on my visor? |
| <phil_tty> | Your web of trust is all the keys you trust, plus all the keys you trust because they trust them, and soon. |
| <phil_tty> | fl_b_b: I'll get to key signing in a moment. You don't actually need to being your key. |
| <fl_b_b> | ok. |
| <phil_tty> | At a key signing, one verifies in person two things. |
| <vees> | signing keys? |
| <vees> | yay |
| <daniel> | vees: keys! |
| <vees> | i have a new one |
| <vees> | but its signed by my old one |
| <phil_tty> | The first is that a person is who they claim to be. This can be on the basis of personal knowledge or on trust in instutions like the government (i.e. photo ID like a driver's license). |
| <She-Ra> | trust the government! |
| <phil_tty> | The second is that the person's public key is indeed the same as the key you have on your computer. |
| <phil_tty> | The latter is done via key ids and key fingerprints. |
| <phil_tty> | remember your key's id? |
| <fl_b_b> | ok, gotta roll. |
| <fl_b_b> | see you soon. |
| <phil_tty> | Run 'gpg --fingerprint <key id>' |
| <vees> | but |
| <fl_b_b> | gotta give up the line. |
| <vees> | the government doesn't have to be involved if you're signing for "rob@vees.net" |
| <Morty> | NB: the semantics of a PGP key signature are, IMHO, ridiculous. |
| <vees> | just if you're saying that it's definalely "rob carlson" |
| <phil_tty> | fl_b_b: Aske me about this later. I think I'm going to make a web page. |
| <phil_tty> | Morty: There are problems, but I think they, for the most part, work. |
| <phil_tty> | I mostly sign keys for myself, anyway. |
| <phil_tty> | She-Ra: Want to continue? |
| <Morty> | phil_tty�:� the question is not if they work, but if they mean what the signer thinks they mean. |
| <She-Ra> | phil_tty : yes, if you still feel like it :) |
| <phil_tty> | Morty: True. Hence my statement about signing for myself. I know what I mean by a signature. |
| <Morty> | I sign keys only and solely if I am convinced that the person's email address belongs to that person. I don't care about driver's licence and such. |
| <She-Ra> | prolly only gabbing at me though |
| <phil_tty> | I sign if I think that key belongs to that person. |
| %%% | fl_b_b (~steve@1Cust120.tnt4.stuart.fl.da.uu.net) quit IRC (Ping timeout: 181 seconds) |
| <phil_tty> | She-Ra: Anyway. You run gpg --fingerpint? |
| <She-Ra> | yep |
| <phil_tty> | It should have had, among other things, a line like |
| <phil_tty> | Key fingerprint = 52DF 5227 A9CF FBE8 71B7 4B4B F62A 5D2A A582 8A4D |
| <She-Ra> | ye.s |
| <phil_tty> | That is a number generated from your key and should be unique to your key. |
| <phil_tty> | At the very least, no process is known to create keys with specific fingerprints, so keys cannot be forged. |
| <phil_tty> | When verifying a person's key, you want to get the key id and fingerprint directly from that person, preferably in person. |
| <phil_tty> | i.e. don't trust a medium like IRC. |
| <She-Ra> | phil_tty : i remember you telling me (and others) about this before |
| <phil_tty> | Because the possibility for spoofing is too high. |
| <phil_tty> | So, for a key signing, you bring at least your key ID and fingerprint and probably proof of identity. |
| * She-Ra | will bring hers with her on sunday then? |
| <phil_tty> | Then, you exchange that information with the other people there. When done, you should have keyid and fingerprints from all the other people. |
| <phil_tty> | She-Ra; I'll get to that. |
| <phil_tty> | That's specific details. I'm still being (mostly) general. |
| <She-Ra> | ah, okay :) |
| <phil_tty> | Once you have key id and fingerprint from someone you believe is the owner of the information, you go home. |
| <phil_tty> | There, you grab the key from a keyserver, fi you don't already have it. |
| <phil_tty> | Command is 'gpg --keyserver <keyserver> --recv-keys <key id>' |
| <phil_tty> | daniel: Yeah. nearly done. |
| <phil_tty> | The keyserver is most likely going to be wwwkeys.pgp.net. |
| <phil_tty> | Once you have the key, run gpg --fingerprint on it and compare the fingerprint to the one you have. |
| <phil_tty> | If they match, then the key you have is the same one that belongs to the person in question. |
| <phil_tty> | You can then sign it, as a sign (if only to yourself) that you believe the key's claims about its owner. |
| <phil_tty> | The command to do that is 'gpg --sign-key <key id>' |
| <phil_tty> | Once you have done that you will be vouching for the validty of that key to anyone who checks. |
| <phil_tty> | Thus, don't sign keys lightly. |
| <phil_tty> | Does this all make sense? |
| <She-Ra> | phil_tty : yes, actually :) |
| <phil_tty> | Good. |
| <phil_tty> | That's a brief (hah!) overview of the conecpts involved. |
| <She-Ra> | all i need to bring is my key id and fingerprint? |
| <phil_tty> | She-Ra: Email dan the output of 'gpg --fingerprint '. |
| <phil_tty> | Dan'll print up nice lists with all of that information from all of the participants. |
| <phil_tty> | You need to bring your key id and fingerprint and some form of photo id, just in case. |
| %%% | fl_b_b (~steve@1Cust92.tnt1.stuart.fl.da.uu.net) has joined #umbclinux. |
| <fl_b_b> | ok, back. |
| <phil_tty> | fl_b_b: Briefly, email dan the output of 'gpg --fingerprint ' and bring your key ID, key fingerprint, and an item of photo ID to the party. |
| <phil_tty> | Continuing: |
| <She-Ra> | phil_tty : just the 'pub' part, yes? |
| <phil_tty> | She-Ra: At least the pub and fingerprint. The sub part won't hurt. |
| <She-Ra> | okey |
| <phil_tty> | At the party, everyone who's participating will get a list. It will be up to them to talk with each of the other people on the list (but make sure you at least get to daniel!) and exchange key information. You can mark the list when you're satisfied about each entry. |
| <She-Ra> | ah, crikey |
| <fl_b_b> | ok, sent fingerprint to daniel. |
| <phil_tty> | Again, you'll want to make sure the person is who they say they are (not too hard, as even if you don't know someone, you should know someone who can introduce you). You'll also need to make sure the information on the list is correct (i.e. typed in properly and dan isn't trying to pull a fast one on you). |
| <fl_b_b> | should I bring a whole bunch of hard copies of my key id/fingerprint/key? |
| <phil_tty> | Then, when you go home, you sign the keys you verified using the aforementioned signing procedure. |
| <fl_b_b> | phil_tty: what aforementioned signing procedure? |
| <phil_tty> | fl_b_b: No. We'll provide lists of all of the information. Just bring one copy so you can verify to people that the stuff on the printed list is correct. |
| <phil_tty> | Reiterating signing procedure: |
| <fl_b_b> | oh, ok. |
| <phil_tty> | (Because r_g was disconnected when I went over first time.) |
| <phil_tty> | Make sure you have the key. 'gpg --keyserver <keyserver> --recv-keys <key id>' if not. |
| <phil_tty> | keyserver is usually wwwkeys.pgp.net. |
| <phil_tty> | (Keyserver can also be set in you ~/.gnupg/options file so you don't have to type it all the time.) |
| <phil_tty> | Run 'gpg --fingerprint <key id>' and make sure the fingerprint matches the one you have written down. |
| <phil_tty> | If it does, sign key. |
| <phil_tty> | 'gpg --sign-keys <key id>' |
| <phil_tty> | Once that's done, send the key back to the keyserver so your signature will be propogated. |
| <fl_b_b> | ok. |
| <phil_tty> | 'gpg --keyserver <keyserver> --send-keys <key id>' or use mike's script. |
| <fl_b_b> | this will also be covered at keysigning, yes? |
| <phil_tty> | I'll reiterate at party. |
| <fl_b_b> | cool. |
| * fl_b_b | needs to disconnect for the night. |
| <phil_tty> | Maybe print on the back of the list. At least put a URL to instructions at the bottom. |
| <tim_home> | great, y'all are gonna make me read all this log to see about keysignings, arentcha? |
| <phil_tty> | tim_home: If you'd like. |
| <fl_b_b> | tim_home: naturally. |
| <phil_tty> | I'm also going take the log of this and turn it into a web page. |
| <tim_home> | whew |
| <phil_tty> | Also notes for the tutprial I'm giving for theLUG sometime this spring. |
| <tim_home> | cool |
| <phil_tty> | (I promise that the web page will have far fewer typos.) |
| <tim_home> | yuh huh |
| <phil_tty> | Because spell check! |
| <tim_home> | no one's signed my gpg key except for my old pgp identity, which in turn was signed by mike and one other. |
| <tim_home> | yep, definately must get daniel's signature before he moves too far away to do so. |
| %%% | fl_b_b (~steve@1Cust92.tnt1.stuart.fl.da.uu.net) quit IRC ("[x]chat") |
| <tim_home> | phil_tty: so, uploading key back to keyserver after signing someone's key will merge your signature with all others there? i.e. if I download your key, and cowbot downloads your key before I sign it, and we both sign and upload, you'll have one key with both signatures? |
| <phil_tty> | tim_home: Correct. |
| <tim_home> | cool. |
| * tim_home | remembers issues with pgp 2.6.2 about that, or maybe he and friends just weren't versed enough in it |
| <tim_home> | so should we bring printout with our fingerprint, or must we bring floppy? |
| <tim_home> | printout == "gpg --fingerprint <moo> | lpr" |
| <phil_tty> | tim_home: Just printout. No computers used. |
| <phil_tty> | Because you might not trust them. |