docs/keysigning-help

view keysigning-help.tex @ 3:aa9f4b501eaf

spell checked
author meillo@marmaro.de
date Wed, 18 Feb 2009 18:02:39 +0100
parents 1d91fadb416f
children
% Supplemental Keysigning Help
%
% markus schnalke <meillo@marmaro.de>
%
% since 2009-02-17

\documentclass[a4paper,twocolumn]{article}

\usepackage{paper}

\usepackage{url}
\usepackage{graphicx}
\usepackage{verbatim}


\begin{document}

\date{}
\title{\textbf{\huge Supplemental Keysigning Help}}
\author{markus schnalke\\meillo@marmaro.de}
\maketitle

\copyright{
Created for some people of the LUG Ulm \cite{lugu}, 2009-02-18\\
This document is available on my website \url{http://marmaro.de/docs}\,.
}


\abstract{
Methods to organize keysigning events are available in large numbers. They usually describe only what needs to be done in which order, and this is exactly what they should do.

This document is a supplemental help to one of these methods: it describes concrete ways to actually do some of the tasks. It suggests tools and shows how to use them.
}


\section{Introduction}

This document tries to help people organize a keysigning event. It offers concrete suggestions for tasks that the keysigning method describes only in general terms: the method defines how to organize the keysigning; this document suggests \emph{how} to carry out the individual steps. It also shows how to generate WOT graphs.


\section{Keysigning method}

The keysigning method this document focuses on is Zimmermann and Sassaman's method \cite{zimmermann}. It is easy to use and scales well to any number of people.

One should become familiar with this method and follow it when organizing a keysigning event. This document provides technical help with some selected tasks.


\section{Key management}

When you invite people to the keysigning event you will receive their public key(s). To manage the keys it is recommended to add them to a new keyring:

{\tt\small
\begin{verbatim}
$ gpg --no-default-keyring \
    --keyring /path/to/keyring.gpg \
    --import some-public-key.asc
\end{verbatim}
}

It is also possible to directly fetch the keys from a keyserver, but this is not preferred. It is better to receive the keys directly from the owners.

{\tt\small
\begin{verbatim}
$ gpg --no-default-keyring \
    --keyring /path/to/keyring.gpg \
    --keyserver subkeys.pgp.net \
    --recv-key 0xDEADBEEF
\end{verbatim}
}
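
Short key IDs such as the 0xDEADBEEF in the command above are not unique, so whichever way the keys arrive it is worth comparing the keyring against the full fingerprints the owners handed in. The script below is an added example, not part of the original document; it assumes the colon-delimited listing of GnuPG 2.x (which always prints fpr records), and the function names, sample records and fingerprints are constructed.

```shell
#!/bin/sh
# Added example, not from the original document.
# check_keyring EXPECTED: stdin is `gpg --list-keys --with-colons` output for
# the event keyring; EXPECTED is a file with one full fingerprint per line, as
# handed in by the key owners (spaces allowed). Prints every mismatch and
# returns non-zero if the keyring and the list differ.
check_keyring() {
    out=$(awk -F: -v list="$1" '
        BEGIN {
            while ((getline line < list) > 0) {
                gsub(/[ \t]/, "", line)
                if (line != "") want[toupper(line)] = 1
            }
        }
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { have[$10] = 1; primary = 0 }
        END {
            for (f in have) if (!(f in want)) print "UNEXPECTED " f
            for (f in want) if (!(f in have)) print "MISSING " f
        }
    ' | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: two keys share the short ID DEADBEEF, only one was announced.
sample_keys() {
    cat <<'EOF'
pub:-:2048:1:11111111DEADBEEF:1200000000:::-:::scESC:
fpr:::::::::AAAA0000AAAA0000AAAA000011111111DEADBEEF:
uid:-::::1200000000::::Alice <alice@example.org>:
sub:-:2048:1:3333333333333333:1200000000::::::e:
fpr:::::::::CCCC0000CCCC0000CCCC00003333333333333333:
pub:-:2048:1:22222222DEADBEEF:1230000000:::-:::scESC:
fpr:::::::::BBBB0000BBBB0000BBBB000022222222DEADBEEF:
uid:-::::1230000000::::Alice <alice@example.org>:
EOF
}

expected=$(mktemp)
printf '%s\n' 'AAAA 0000 AAAA 0000 AAAA  0000 1111 1111 DEAD BEEF' > "$expected"
sample_keys | check_keyring "$expected" || echo "keyring does not match the list"
rm -f "$expected"
```

Against a real keyring, feed the function the output of gpg --no-default-keyring --keyring /path/to/keyring.gpg --list-keys --with-colons.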


\section{Participant list}

You have to generate a list that contains the public keys of all participants. A script to do this automatically with nice formatting is available \cite{keylist}. The script is not perfect, but sufficient.

{\tt\small
\begin{verbatim}
$ keylist.sh /path/to/keyring.gpg header.txt \
    howto.txt checksums.txt
\end{verbatim}
}

The script generates a public key list from all keys in the keyring (first argument). The contents of text files (all further arguments) can be prepended to this list.

Good style demands a general header. Descriptions of what the participants need to do are highly recommended in order to support inexperienced participants. Fields for entering the checksums should be provided in any case. Examples of the files included here can be found at \cite{keylist}.

%Figure \ref{fig:keylist} shows a sample participant list.

\begin{figure}
{\tt\tiny
\verbatiminput{keylist-sample.txt}
}
% \label must follow \caption to refer to the figure number
\caption{A sample participant list}
\label{fig:keylist}
\end{figure}


\section{WOT graphs}

The change in the Web of Trust (WOT for short) directly shows the gain of a keysigning event. The more interwoven and the shorter the connections between individuals are, the better the trust among that group of people.

Providing WOT graphs is a nice gesture by a keysigning organizer. However, it is always optional and can also be done afterwards.

Two programs are required to generate the graphs: \texttt{sig2dot} \cite{sig2dot} and \texttt{neato} from \texttt{graphviz} \cite{graphviz}.

To generate a graph that depicts the WOT, use the following command:

{\tt\small
\begin{verbatim}
$ gpg --no-default-keyring \
    --keyring /path/to/keyring.gpg \
    --list-sigs \
    | sig2dot -d YYYY-MM-DD \
    | neato -Tpng > wot.png
\end{verbatim}
}

The date (`\texttt{YYYY-MM-DD}') must be substituted, of course. The generated image shows the WOT at the given date.

To generate graphs of the WOT after the event, one must update the keyring first:

{\tt\small
\begin{verbatim}
$ gpg --no-default-keyring \
    --keyring /path/to/keyring.gpg \
    --keyserver subkeys.pgp.net \
    --refresh-keys
\end{verbatim}
}

New images can be created in the same way as described above; only the date needs to be changed.

(Note that only signatures that were uploaded to a keyserver will be included.)

%Figure \ref{fig:wot-graphs} shows sample WOT graphs before and after a keysigning event.

\begin{figure}
\includegraphics[scale=0.45]{wot-before.ps}
\hfill
\includegraphics[scale=0.45]{wot-after.ps}
\caption{Sample graphs which show the WOT before and after a keysigning event}
\label{fig:wot-graphs}
\end{figure}
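
As a numeric complement to the before/after graphs, the following added example (not part of the original document and not part of sig2dot) counts the cross-signatures among the keys in the keyring up to a cutoff date. It assumes the colon-delimited output of GnuPG 2.x, where signature dates are seconds since the epoch; the function names and sample records are constructed.

```shell
#!/bin/sh
# Added example, not from the original document.
# wot_edges CUTOFF: reads `gpg --list-sigs --with-colons` output on stdin and
# prints "SIGNER SIGNEE" for every certification (class 0x10-0x13) that was
# made on or before CUTOFF (seconds since the epoch), is not a self-signature,
# and whose signing key is itself in the keyring. Revocations are ignored.
wot_edges() {
    awk -F: -v cutoff="$1" '
        $1 == "pub" { cur = $5; inring[cur] = 1; next }
        $1 == "sig" && $11 ~ /^1[0-3]/ && $5 != cur && $6 + 0 <= cutoff + 0 {
            edge[$5 " " cur] = 1
        }
        END {
            for (e in edge) { split(e, k, " "); if (k[1] in inring) print e }
        }
    ' | sort
}

# Constructed sample input (not real keys): A signed B before the event;
# A, B and C cross-signed afterwards; D signed B but is not in the keyring.
sample_sigs() {
    cat <<'EOF'
pub:-:1024:17:AAAAAAAAAAAAAAA1:1100000000:::-:::scESC:
uid:-::::1100000000::::Alice <alice@example.org>:
sig:::17:AAAAAAAAAAAAAAA1:1100000000::::Alice <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBB2:1235000000::::Bob <bob@example.org>:10x:
pub:-:1024:17:BBBBBBBBBBBBBBB2:1100000000:::-:::scESC:
uid:-::::1100000000::::Bob <bob@example.org>:
sig:::17:BBBBBBBBBBBBBBB2:1100000000::::Bob <bob@example.org>:13x:
sig:::17:AAAAAAAAAAAAAAA1:1200000000::::Alice <alice@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCC3:1235000000::::Carol <carol@example.org>:10x:
sig:::17:DDDDDDDDDDDDDDD4:1150000000::::[User ID not found]:10x:
pub:-:1024:17:CCCCCCCCCCCCCCC3:1100000000:::-:::scESC:
uid:-::::1100000000::::Carol <carol@example.org>:
sig:::17:CCCCCCCCCCCCCCC3:1100000000::::Carol <carol@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBB2:1235000000::::Bob <bob@example.org>:10x:
EOF
}

# 1234915200 is 2009-02-18 00:00 UTC; on GNU systems: date -u -d 2009-02-18 +%s
before=$(sample_sigs | wot_edges 1234915200 | wc -l)
after=$(sample_sigs | wot_edges 1236000000 | wc -l)
echo "cross-signatures before: $before, after: $after"
```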


\section{A hint for participants}

Receiving keys, signing them, and sending the signatures back to the key owners can be a time-consuming job, especially if many people took part in a keysigning event.

The nice tool \texttt{caff} \cite{signing-party} is a great helper. It automates the whole process, from key retrieval, to signing, to sending the signatures. (An MTA is required to send signatures.)


\section{Acknowledgments}

This document is heavily based on how Fabian Fingerle \cite{fabianfingerle} organizes keysigning events. I thank him for being a great inspiration.


{\footnotesize
\bibliographystyle{plain}
\bibliography{references}
}


\end{document}