Skip to content

Instantly share code, notes, and snippets.

@jcarouth

jcarouth/ZendCon-Keysign.md

Last active August 29, 2015 14:07
Show Gist options
  • Save jcarouth/b6aab57e111e0a19b1d0 to your computer and use it in GitHub Desktop.
Save jcarouth/b6aab57e111e0a19b1d0 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ZendCon-Keysign.md

ZendCon 2014 PGP Keysigning

At ZendCon 2014 there will be a PGP Keysigning event. To participate all you need to do is a) have a PGP key you would like signed by other particpants and you will be able to sign other participant's keys with and b) have some form of official identification that matches the primary identity on your key. For example, if you name is listed on your PGP key as Bobby Tables you should have a government-issued ID that reads close to Bobby Tables. (Common substitutions like Matt for Matthew or Jen for Jennifer are usually acceptable.)

For some background and how-to information, check out my blog posts on a similiar PGP keysigning event at php[tek] 2014 and Signing PGP Keys for the mechanics of how to sign keys.

Why you should participate

The web of trust is an important component to the security and usability of PGP keys for signing and encrypting. I am personally working towards growing the web of trust within the PHP community by hosting these events at PHP conferences. The idea is to get more and more people exposed to PGP keys and to have a stronger web within the community so that we can use keys to sign releases, packages, emails, etc. and be able to trust and verify who authored them.

By verifying your own key with other people and others' keys with your key you are stengthening the legitimacy of public key encryption in our community and within society as a whole for just a small investment of your time.

What you need to do

  1. If you do not have a PGP key pair, generate one now. Instructions are available on the first blog post referenced above.
  2. Upload your key to a public key server. Example: SKS Keyservers or MIT PGP Keyserver
  3. Post a link to your public key (on one of the servers from 2.) -OR- post your public key in the comments below.
  4. Show up at ZendCon 2014 with an ID for verification
  5. After ZendCon (or in your hotel room or somewhere else private) sign keys you verified and trust for other participants.

Posting to a public keyserver

If you do not post to a public keyserver it is harder for other people to use your key. This means you will have to send it to each person who needs to use it, or host it on your personal webserver for people to find. The easiest way is to submit to a public keysever. However, I will point people to this Gist for any keys that are not hosted on a keyserver.

@papayasoft
Copy link

This is my public key: http://pgp.mit.edu/pks/lookup?op=vindex&fingerprint=on&search=0x244F81C35D0856EF

@Danielss89
Copy link

Going too: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x540EAFCC0E858A63

@Danielss89
Copy link

So where exactly will this meetup be? And when?

@zombiesplat
Copy link

here's mine http://pgp.mit.edu/pks/lookup?op=get&search=0x6B4A71A188F02F55
when and where is this?

@jcarouth
Copy link
Author

Hi @Danielss89 and @zombiesplat. I just added an uncon lightning talk at 2:45pm today for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment