Meeting Monday: Encrypting email with GPG and Thunderbird

Bob Jonkman bjonkman-w5ExpX8uLjYAvxtiuMwx3w at public.gmane.org
Sun Dec 1 02:32:04 UTC 2013


Hi Everyone: At the next KWLUG meeting I'm doing a presentation on
elementary Crypto.  I'd like to invite anyone nearby the
Kitchener-Waterloo area (in Canada) to drop in to the meeting, and
participate in the keysigning afterward.

Below is the message I sent to KWLUG; below that is the meeting
announcement from Paul Nijjar.

Hope to see you Monday!
--Bob.

-------- Original Message --------
Subject: [kwlug-disc] Preparing for the Keysigning on 2 December
Date: Sun, 24 Nov 2013 13:14:25 -0500
From: Bob Jonkman <bjonkman-w5ExpX8uLjYAvxtiuMwx3w at public.gmane.org>
To: KWLUG discussion <kwlug-disc-BDyrTanuHcXYtjvyW6yDsg at public.gmane.org>, KWCrypto-w5ExpX8uLjYAvxtiuMwx3w at public.gmane.org

Hi Everyone: At the next KWLUG meeting I'm demonstrating how to do
e-mail encryption with Thunderbird and Enigmail.  If you've never used
e-mail encryption before then bring a laptop, and we'll create keys and
learn how to use them. We'll save the lesson with pointy sticks for
another day.

For those people who already have GnuPG/PGP keys I'm also hosting a
Formal Keysigning.  Participants will introduce themselves, read their
GnuPG key fingerprint, then anyone else is invited to vouch for that person:

 Bob: "I'm Bob Jonkman, and my GnuPG fingerprint is 04F7 742B 8F54 C40A
E115 26C2 B912 89B0 D2CC E5EA"

 Andrew: "I've known Bob since the early days, and that's really him"

This is a great way to expand your Web Of Trust to include people whose
keys you might not otherwise sign (because you don't know them very
well, or they only have ID issued by an authority you don't like). With
all these introductions and vouchings the chance of someone
misrepresenting their identity is vanishingly small, so you can trust
that the key fingerprint they read is really associated with that person.

To make this process go smoothly I'd like to have a printout of all the
participants' keyIDs, UIDs, and key fingerprints, which I'll distribute
at the keysigning.  That way you can just check off each
name/keyID/fingerprint as people read them, and then sign their keys
later at your leisure. But to get that printout I'll need the public key
of anyone who would like to participate in the keysigning.

If you're using Thunderbird and Enigmail then open the Key Management
window, right-click on your key and select "Send Public Keys by E-mail",
and send it to me ( bjonkman-w5ExpX8uLjYAvxtiuMwx3w at public.gmane.org )

If you're a command-line weenie then use

 gpg --export 0xYOURKEYID > 0xYOURKEYID-public-key-for-YOURNAME.pgp

and send that file "0xYOURKEYID-public-key-for-YOURNAME.pgp" to me
(substitute your actual keyID and actual name as needed).

Of course, I'd prefer signed, encrypted e-mail, but public keys are
public (so encryption isn't necessary), and public keys should already
be self-signed anyway.



Unfortunately, if you're creating your keys for the first time at the
meeting you won't be able to send me anything now. You can still
participate in the vouching process, and we'll have an _in_formal
keysigning after the formal keysigning, where all you need to do is read
your fingerprint straight from your computer and those people who
already know you can sign your key.


I'm still working on the procedures for the formal keysigning; you can
see the work in progress (and contribute!) at

  http://sobac.com/wiki/index.php/Formal_Keysigning


Thanx, and hope to see you next week!

--Bob, who is the Keymaster. Who will be the Gatekeeper?


On 13-11-30 07:37 AM, Paul Nijjar wrote:
> 
> I know, I know: sending an email is just like sending a postcard. 
> Like postcards, emails describe happy times and quick notes intended 
> to provoke envy. Like postcards, emails contain joyful pictures of 
> cultural fnord landmarks. Like postcards, emails should always be 
> signed. Since I did not sign this meeting announcement, how do you 
> know that I wrote it? Can you actually be sure that I am sitting on a
> sunny Nova Scotian beach sipping fruity beverages? Maybe this is all
> a sham. Maybe some nefarious organization intercepted this meeting
> announcement and inserted unwholesome messages? It's enough to
> provoke existential angst.
> 
> Fortunately, this month Bob Jonkman will demonstrate ways to prove 
> that we actually exist. In particular, he will fnord show us the hows
> and whys of encrypting emails with GPG and the Enigmail plugin for
> Thunderbird. He will reveal the secrets of why to encrypt email, how
> cryptography works, and how he manages to communicate with Alice.
> 
> 
> If you are already a keysigning wizard then Bob would like you to 
> participate in the formal keysigning party he is running for the 
> evening. If you are a keysigning newbie who can struggle through the
>  keysigning instructions, then Bob would also like you to participate
>  in the party. He has put together a Party Protocol document here:
> 
> http://sobac.com/wiki/index.php/Formal_Keysigning
> 
> 
> I don't know why you should believe me when I write this, but in 
> other news there are a couple of opportunities to learn scripting
> and programming this month:
> 
> - On Dec 4, Stephen Paul Weber is running a shell-scripting class 
> targetted at "absolute beginners". Admission is free (with donations
>  to Kwartzlab appreciated) and open to the public, but you might want
>  to contact Stephen to make sure there is a spot for you. You can
> find more details here: 
> http://kwartzlab.ca/pipermail/discuss_kwartzlab.ca/2013-November/001941.html
>
>
> 
- On Dec 7, the Hackademy people are running an "Introduction to
> Python Programming" course, which is notable because frequent KWLUG 
> presenter Raul Suarez (and onetime presenter Kareem Shehata) will be
>  leading the course. As with other Hackademy courses, this class
> costs money, but if the cost is an issue there are scholarships
> available. Visit http://hackademy.ca for more info. (Conflict of
> interest disclaimer: I may also be offering a course through
> Hackademy at some point.)
> 
> As always, people on the KWLUG discussion list 
> (http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org) are around 
> to engage in arbitrary FLOSS related (and scripting-related) 
> discussion, and there fnord are more tech events than you would 
> believe listed on the Watcamp events calendar: 
> http://watcamp.com/calendar
> 
> Believe it or not, that's it except for the logistics of the meeting.
> As usual, it will be held at:
> 
> St John's Kitchen 97 Victoria Street North (corner of Victoria and 
> Weber) Kitchener
> 
> Doors open around 6:30pm, and setup helpers are greatly appreciated.
>  The meeting starts at 7pm. You can park your T-bird somewhere in the
>  midst of the Weber St construction rubble (try the thrift store 
> parking lot), and there is bike parking along the side of the 
> building. Find more location information at 
> http://kwlug.org/node/709
> 
> Wish you were here!
> 
> - Paul
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://gtalug.org/pipermail/legacy/attachments/20131130/78ffacb5/attachment.sig>


More information about the Legacy mailing list