http://www.debian-administration.org/users/dkg/weblog/48

If you understand the instructions in the link above, you should
probably follow them soon. If you don’t understand them, don’t worry
too much, as your keys and signatures are still mostly safe for now,
they’re just not future-proof. You’ll probably want to wait until new
versions of your software are released with updated default settings,
and then generate new keys.

I’ve generated a new key for myself, which I’ve signed with the old key
and will be using from now on.

The idea behind this is to lower the barrier to entry for using PGP encryption.  If you want to communicate privately with someone, instead of having to guide them through the install process for 3 different components, you can just have them download CryptoFox and run it.  No installation is required.

It’s also a little tricky to set FireGPG and GnuPG up to function portably.  If you want to run them from a USB stick on any computer, I’ve already done the hard part for you.

BarCamp will take place on April 18th, on the third floor of the GCCIS building (#70) on RIT campus.  The keysigning party will happen at 2:00 PM.  If you’re interested in attending, you’ll need to do a little bit of preparation:

Before the Party

1. Send me an email to let me know you’ll be there.  This isn’t absolutely necessary, but I’d like to get a rough estimate of how big the party will be.  You’re also encouraged (though not strictly required) to sign up for BarCamp and give some kind of presentation.
2. If you don’t have one already, create a PGP keypair.
3. Print out slips of paper with your key’s fingerprint, along with your name and the email address associated with the key.  You should be able to fit several of these onto a single sheet of paper (18 if you lay them out like so).  As of this writing I don’t know what the turnout will be like, but I’m guessing one sheet will be enough.
4. Bring a pen and the slips of paper with you to the party.  Also bring identification, preferably two forms, at least one of which is a photo ID and one of which is government-issued.  Driver’s license, passport, etc.  Don’t bring a computer (or if you do, leave it powered off), you won’t need it.

During the Party

The party will be run in a simple ad-hoc format.  You and each other participant will:

1. Trade key fingerprints.  You give them one of your slips of paper, and they give you one of theirs.
2. Check identification.  Make sure that the photo on the ID matches the person, and that the name on the ID matches the name on their slip of paper.
3. If their ID checks out, and you’re comfortable asserting to the world that this person is who they say they are, write your initials on the slip of paper that they gave you.

Once you’ve traded fingerprints with everyone, the formal part of the party is over.  If there’s time left, we can have an informal discussion (perhaps about promoting PGP use in Rochester?), or you can just head out.

After the Party

Once you get home, you’ll need to actually sign the keys of the party-goers.  For each slip of paper that you initialled:

1. Acquire the corresponding key from the public key servers.  You can search by name, email address, or fingerprint.
2. Verify that the name, email address, and fingerprint of the key you’ve downloaded matches the name, email address, and fingerprint on the slip of paper you were given.
3. Using your PGP program, sign the key.
4. Export the signed key and send it in an encrypted email to the address listed on the key.  Don’t upload it back to the public key servers.  This ensures that the email address really does belong to the person who possesses the key.

When you receive signatures from others, import them into your keyring and update your key on the public key servers.

That’s pretty much it.  If you have any questions, either email me or leave a comment here.