When: Tuesday 31st of May, 17h00
Venue: Telecommunications Regulatory Authority (TRA), Al Waheeda Street in Al Mamzar – Dubai (near Century Mall).
Room: DNS/DNSSEC workshop
PGP is a crypto system used by privacy enthusiasts, engineers, activists and Internet users at large to maintain privacy in their personal electronic communications.
OpenPGP is a set of standard RFCs developed by the IETF providing message confidentiality through a combination of symmetric-key and public-key encryption and message authentication and integrity via digital signatures.
This session has two main purposes:
- Introduce PGP users on how a key signing event works so that they can replicate these in the future in their own community.
- Extend PGP’s web of trust by allowing others to sign your own key, and hence becoming an introducer of that key.
What are the requirements to participate?
- Be familiar with crypto systems and some of its basics concepts (you can start by reading this excellent tutorial on how encryption works).
- Use GPGTools or be familiar with your OpenPGP software of choice. Download an appropriate one for your operating system.
- Have a PGP key pair (see how to create a new key pair using GPGTools for Mac) and submit your public key to the keyring.
- A copy of a photo-ID, preferably your government-issued passport, on the day of the event.
Before attending, you should make sure that
- Your installed PGP software is working as per your expectiations
- Your PGP key is visible on a public keyserver; and ideally, add it to the keyring mentioned below.
How will the session work?
- The key signing organiser will distribute printed copies of the keyring to all participants.
- Each participant will pass his or her own photo-IDs clockwise and should verify the photo-IDs received from others.
- Each participant will read out their known-good PGP key fingerprint, from a medium which is not the printed copy (eg. a laptop, business card, etc) while other participants will verifies this against the printed copy of the keyring, hence validating the key submitted.
- Once satisfied that these are accurate, you should then import these public keys to your PGP keyring.
- You should then sign them as an indication of your trust.
- Once signed, you should then upload the now-signed keys, to a public keyserver.
See you at the signing event!