docs/keysigning-help

annotate keysigning-help.tex @ 3:aa9f4b501eaf

spell checked
author meillo@marmaro.de
date Wed, 18 Feb 2009 18:02:39 +0100
parents 1d91fadb416f
children
rev   line source
meillo@0 1 % Supplemental Keysigning Help
meillo@0 2 %
meillo@0 3 % markus schnalke <meillo@marmaro.de>
meillo@0 4 %
meillo@0 5 % since 2009-02-17
meillo@0 6
meillo@0 7 \documentclass[a4paper,twocolumn]{article}
meillo@0 8
meillo@0 9 \usepackage{paper}
meillo@0 10
meillo@0 11 \usepackage{url}
meillo@0 12 \usepackage{graphicx}
meillo@0 13 \usepackage{verbatim}
meillo@0 14
meillo@0 15
meillo@0 16 \begin{document}
meillo@0 17
meillo@0 18 \date{}
meillo@0 19 \title{\textbf{\huge Supplemental Keysigning Help}}
meillo@0 20 \author{markus schnalke\\meillo@marmaro.de}
meillo@0 21 \maketitle
meillo@0 22
meillo@0 23 \copyright{
meillo@0 24 Created for some people of the LUG Ulm \cite{lugu}, 2009-02-18\\
meillo@0 25 This document is available on my website \url{http://marmaro.de/docs}\,.
meillo@0 26 }
meillo@0 27
meillo@0 28
meillo@0 29 \abstract{
meillo@0 30 Methods to organize keysigning events are available in large numbers. They usually describe only what needs to be done and in which order, and this is exactly what they should do.
meillo@0 31
meillo@0 32 This document supplements one of these methods by describing concrete ways to actually carry out some of the tasks. It suggests tools and shows how to use them.
meillo@0 33 }
meillo@0 34
meillo@0 35
meillo@0 36
meillo@0 37 \section{Introduction}
meillo@0 38
meillo@3 39 This document tries to help people organize a keysigning event. It should be seen as a set of concrete suggestions for how to do things that the keysigning method already describes in general. The method defines how to organize the keysigning; this document makes concrete suggestions \emph{how} to do things. This document also shows how to generate WOT graphs.
meillo@0 40
meillo@0 41
meillo@0 42
meillo@0 43
meillo@0 44 \section{Keysigning method}
meillo@0 45
meillo@2 46 The keysigning method in focus here is Zimmermann and Sassaman's method \cite{zimmermann}. It is easy to use and scales well to any number of people.
meillo@0 47
meillo@0 48 One should become familiar with this method and follow it when organizing a keysigning event. This document provides technical help with some selected tasks.
meillo@0 49
meillo@0 50
meillo@0 51
meillo@0 52
meillo@0 53 \section{Key management}
meillo@0 54
meillo@0 55 When you invite people to the keysigning event you will receive their public key(s). To manage the keys it is recommended to add them to a new keyring:
meillo@0 56
meillo@0 57 {\tt\small
meillo@0 58 \begin{verbatim}
meillo@0 59 $ gpg --no-default-keyring \
meillo@0 60 --keyring /path/to/keyring.gpg \
meillo@0 61 --import some-public-key.asc
meillo@0 62 \end{verbatim}
meillo@0 63 }
meillo@0 64
meillo@0 65 It is also possible to directly fetch the keys from a keyserver, but this is not preferred. It is better to receive the keys directly from the owners.
meillo@0 66
meillo@0 67 {\tt\small
meillo@0 68 \begin{verbatim}
meillo@0 69 $ gpg --no-default-keyring \
meillo@0 70 --keyring /path/to/keyring.gpg \
meillo@0 71 --keyserver subkeys.pgp.net \
meillo@0 72 --recv-key 0xDEADBEEF
meillo@0 73 \end{verbatim}
meillo@0 74 }
meillo@0 75
meillo@0 76
meillo@0 77
meillo@0 78
meillo@0 79 \section{Participant list}
meillo@0 80
meillo@3 81 You have to generate a list that contains the public keys of all participants. A script to do this automatically with nice formatting is available \cite{keylist}. The script is not perfect, but sufficient.
meillo@0 82
meillo@0 83 {\tt\small
meillo@0 84 \begin{verbatim}
meillo@0 85 $ keylist.sh /path/to/keyring.gpg header.txt \
meillo@0 86 howto.txt checksums.txt
meillo@0 87 \end{verbatim}
meillo@0 88 }
meillo@0 89
meillo@0 90 The script generates a public key list from all keys in the keyring (first argument). The contents of text files (all further arguments) can be prepended to this list.
meillo@0 91
meillo@3 92 A general header is demanded by good style. Descriptions of what the participants need to do are highly recommended in order to support inexperienced participants. Fields to insert the checksums should be provided anyway. Examples of the files included here can be found at \cite{keylist}.
meillo@0 93
meillo@0 94 %Figure \ref{fig:keylist} shows a sample participant list.
meillo@0 95
meillo@0 96 \begin{figure}
meillo@0 97 {\tt\tiny
meillo@0 98 \verbatiminput{keylist-sample.txt}
meillo@0 99 }
meillo@0 100 \caption{A sample participant list}
meillo@0 101 \label{fig:keylist}
meillo@0 102 \end{figure}
meillo@0 103
meillo@0 104
meillo@0 105
meillo@0 106
meillo@0 107 \section{WOT graphs}
meillo@0 108
meillo@0 109 The change in the Web of Trust (short: WOT) directly shows the gain of a keysigning event. The more interwoven and the shorter the connections between individuals are, the better the trust among that group of people.
meillo@0 110
meillo@0 111 Providing WOT graphs is a nice gesture by a keysigning organizer. However, it is in any case optional and can be done afterwards, too.
meillo@0 112
meillo@0 113 Two programs are required to generate the graphs: \texttt{sig2dot} \cite{sig2dot} and \texttt{neato} from \texttt{graphviz} \cite{graphviz}.
meillo@0 114
meillo@0 115 To generate a graph that depicts the WOT, use the following command:
meillo@0 116
meillo@0 117 {\tt\small
meillo@0 118 \begin{verbatim}
meillo@0 119 $ gpg --no-default-keyring \
meillo@0 120 --keyring /path/to/keyring.gpg \
meillo@0 121 --list-sigs \
meillo@0 122 | sig2dot -d YYYY-MM-DD \
meillo@0 123 | neato -Tpng > wot.png
meillo@0 124 \end{verbatim}
meillo@0 125 }
meillo@0 126
meillo@0 127 The date (`\texttt{YYYY-MM-DD}') must be substituted, of course. The generated image shows the WOT at the given date.
meillo@0 128
meillo@0 129 To generate graphs of the WOT after the event, one must update the keyring first:
meillo@0 130
meillo@0 131 {\tt\small
meillo@0 132 \begin{verbatim}
meillo@0 133 $ gpg --no-default-keyring \
meillo@0 134 --keyring /path/to/keyring.gpg \
meillo@0 135 --keyserver subkeys.pgp.net \
meillo@0 136 --refresh-keys
meillo@0 137 \end{verbatim}
meillo@0 138 }
meillo@0 139
meillo@0 140 New images can be created the same way as described above, only the date needs to be changed.
meillo@0 141
meillo@0 142 (Notice that only signatures that were uploaded to a keyserver will be included.)
meillo@0 143
meillo@0 144 %Figure \ref{fig:wot-graphs} shows sample WOT graphs before and after a keysigning event.
meillo@0 145
meillo@0 146 \begin{figure}
meillo@0 147 \includegraphics[scale=0.45]{wot-before.ps}
meillo@0 148 \hfill
meillo@0 149 \includegraphics[scale=0.45]{wot-after.ps}
meillo@0 150 \caption{Sample graphs which show the WOT before and after a keysigning event}
meillo@0 151 \label{fig:wot-graphs}
meillo@0 152 \end{figure}
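The graph step described in this section can also be done without \texttt{sig2dot}. The following is an added example, not part of the original document or of sig2dot: it reads the machine-readable listing of \texttt{gpg --with-colons --list-sigs} and writes a Graphviz digraph of who signed whom up to a cutoff. The function names, the sample data and the cutoff given in epoch seconds (instead of \texttt{YYYY-MM-DD}) are assumptions of this example, as is GnuPG 2.x colon output with epoch timestamps.

```shell
#!/bin/sh
# Usage: gpg --no-default-keyring --keyring /path/to/keyring.gpg \
#            --with-colons --list-sigs | wot_dot CUTOFF | neato -Tpng > wot.png
# CUTOFF is seconds since the epoch; signatures made later are left out.
# Revocation (rev) records are not evaluated here.
wot_dot() {
    awk -F: -v cutoff="$1" '
    $1 == "pub" { cur = $5; inring[cur] = 1; next }
    # the first uid record after a pub record labels the node
    $1 == "uid" && !(cur in name) { name[cur] = $10; next }
    $1 == "sig" {
        if ($5 == cur) next               # self-signature
        if ($11 !~ /^1[0-3]/) next        # keep certifications 0x10..0x13 only
        if ($6 + 0 > cutoff + 0) next     # made after the cutoff
        edge[$5 SUBSEP cur] = 1           # signer -> signed key, deduplicated
    }
    END {
        print "digraph wot {"
        for (k in inring) {
            label = name[k]; gsub(/"/, "", label)
            printf "  \"%s\" [label=\"%s\"];\n", k, label
        }
        for (e in edge) {
            split(e, p, SUBSEP)
            if (p[1] in inring)           # drop signers outside the keyring
                printf "  \"%s\" -> \"%s\";\n", p[1], p[2]
        }
        print "}"
    }'
}

# Constructed sample listing (no real keys); only the fields that
# wot_dot reads (1, 5, 6, 10, 11) are filled in.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAAA:1199145600:::-:
uid:-::::1199145600::::Alice <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1199145600::::Alice <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1234915200::::Bob <bob@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCCC:1230000000::::[User ID not found]:10x:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1199145600:::-:
uid:-::::1199145600::::Bob <bob@example.org>:
sig:::1:BBBBBBBBBBBBBBBB:1199145600::::Bob <bob@example.org>:13x:
sig:::1:AAAAAAAAAAAAAAAA:1230000000::::Alice <alice@example.org>:10x:
sub:-:4096:1:DDDDDDDDDDDDDDDD:1199145600::::
sig:::1:BBBBBBBBBBBBBBBB:1199145600::::Bob <bob@example.org>:18x:
EOF
}
```

Running \texttt{sample\_listing | wot\_dot} with a cutoff before and after the event date gives the two graphs to compare; signers whose keys are not in the keyring are left out of the graph.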
meillo@0 153
meillo@0 154
meillo@0 155
meillo@0 156 \section{A hint for participants}
meillo@0 157
meillo@0 158 Receiving keys, signing them, and sending the signatures back to the key owners can be a time-consuming job, especially if many people took part in a keysigning event.
meillo@0 159
meillo@3 160 The nice tool \texttt{caff} \cite{signing-party} is a great helper. It automates the whole process, from key retrieval, to signing, to sending the signatures. (An MTA is required to send signatures.)
meillo@0 161
meillo@0 162
meillo@0 163
meillo@0 164 \section{Acknowledgments}
meillo@0 165
meillo@0 166 This document is heavily based on how Fabian Fingerle \cite{fabianfingerle} organizes keysigning events. I thank him for being a great inspiration.
meillo@0 167
meillo@0 168
meillo@0 169
meillo@0 170 {\footnotesize
meillo@0 171 \bibliographystyle{plain}
meillo@0 172 \bibliography{references}
meillo@0 173 }
meillo@0 174
meillo@0 175
meillo@0 176
meillo@0 177 \end{document}
meillo@0 178