[KwartzLab] Key Signing Party

[Jonathan Lamothe]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11-09-12 01:55 PM, Robert Gissing wrote:
> ... so...what is a key signing party?  i am not so sure what this is.

One of the challenges I'm going to experience is finding a way to
explain this simply.  I'm sure you're not the only person on the list
who doesn't know, and I'll probably be explaining it a lot.  ;)

It boils down to this:

There's an open technology called PGP that allows you to encrypt and/or
digitally sign e-mail and other communications (I use it to sign all my
e-mails).

Everyone in the system generates a set of two keys, one public, the
other private.  As their names would imply, you *never* give the private
key to *anyone*, but you can broadcast the public key to the whole world
if you like (in fact, the more people who know it the better).

Once this is done, you can send encrypted messages to people and verify
their signatures if you have their public key (the private key is
required to decrypt the message or to generate the signature).

The challenge is that there needs to be a way of being certain that a
given public key actually belongs to the person you think it does.
That's where the key signing party comes in:

It's a time-honoured tradition wherein people exchange public keys in
person so that you know the key you have is authentic.  People then sign
the keys to verify their authenticity (think of it like being the
guarantor on a passport).

This creates something called a web of trust, and through some fancy
magic, you can even use it to verify the identities of people you
*haven't* met in person to be able to communicate with them securely as
well.

- -- 
Regards,
Jonathan Lamothe

0 1 0
0 0 1
1 1 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5ulQwACgkQKnJRp6olvh2Y1wCgxP7Xd+tpcRW2vu4tf0G0/6MD
Y2oAn0/zLOdjowHUfaFmLvVDsIqMwruI
=PgbV
-----END PGP SIGNATURE-----