Hello everyone, The KSP went very well. It's a messy process but one you will become more familiar with over time. The web of trust relies upon as many interconnections as possible. Now you need to complete the key signing process. At the party you verified to yourself that the person you saw there really did own the key. Through their reading of their fingerprint and showing of their ID you were able to justify that they are who they claim to be. Now you must attest to the rest of the world that you have personally verified that the key belongs to the other person. It is this testament that others will make use of to feel confident that they are talking to who they believe they are talking to. You do this with the --sign-key command. The process will take about five minutes depending upon how quickly you type. Once you have signed all the keys, email the keyring back to me and I will collate the signatures. Once everyone has gotten back to me I will send you back your public key with all the signatures that have been made on it. The sgvlug keyring will also be posted to my GPG page and a link made on the oclug site. And here are the instructions: 1) take the attached file 'sgvlug.gpg' and detach/copy it into your ~/.gnupg/ directory. 2) Get your KSP worksheet out and have it in front of you. 3) Run the following command for each of the entries on your sheet that have *BOTH* *BOXES* checked off. One box is not enough. $ gpg --keyring sgvlug.gpg --sign-key [KEYID] You will be shown the KeyID, Fingerprint, UserID, Size and Type of the key. Quickly check that this information matches what is on the paper (and you already know the key ID matches because you typed it on the command line :-)) Here is what it looked like when I signed 's key: ============================================================================ $ gpg --keyring sgvlug.gpg --sign-key XXXXXXXX ============================================================================ 4) After repeating step three for each and every double-marked ID on your worksheet, run the following command to export your newly created signatures. $ gpg --no-default-keyring --armor --keyring sgvlug.gpg --export > sgvlug.asc 5) Mail that file as an attachment or cut/paste it into a message to me at 6) Once everyone has gotten back to me (or a week has gone by) I'll take all the signatures I have received and send you each a copy of the signatures. Those signatures will be in a form you can --import into your normal public keyring. That way you won't have to specify --keyring every time. 7) When you import those signatures on to your ring, don't forget to update your published copy of your public key on your web page. (or if you are so inclined you can upload your own key to one of the many public key servers out there.) Thanks everyone for participating and here's some tips for improving your web of trust. * Hold a KSP for you LUG, there's a HOWTO available online at . * Bringing a couple copies of your fingerprint to your local LUG meeting just in case you see someone new. When you say hi, just give them a copy and a peek at your ID. Instant web of trust. * Attend KSPs of nearby LUGs. This ties your LUG to others in the area. * Be diligent when verifying someone's identity. Remember when you sign a key you are telling the world that you belive that person to be who their key's UID says they are. * Sign your mail. Set an example by doing. * Learn more about GnuPG by reading through the documentation online at * Teach others what you know about GPG. The two tips I had for your ~/.gnupg/options file are to add an 'armor' entry on a line by itself so that you get armored output by default, and to add a Comment entry telling people where they can download a copy of your your public key. Here are the relevant lines from my personal config: armor comment "http://www.mrball.net/todd.asc" If you have questions about using GPG, I'll answer them if I can, otherwise there are the online fora linked to off of the GnuPG web site. I'm happy to respond to questions, just please be understanding if it takes a while. I get over 100 emails a day. It was a pleasure seeing you all at the OCLUG meeting and I hope to see you all again at the next meeting. Blue skies... Todd P.S. Those of you that verified my identity at the KSP, after you finish signing my key try running this email through. You should get a 'Good' signature.