When: Tuesday 31st of May, 17h00
Venue: Telecommunications Regulatory Authority (TRA), Al Waheeda Street in Al Mamzar – Dubai (near Century Mall).
Room: DNS/DNSSEC workshop
PGP is a crypto system used by privacy enthusiasts, engineers, activists and Internet users at large to maintain privacy in their personal electronic communications.
OpenPGP is a set of standard RFCs developed by the IETF providing message confidentiality through a combination of symmetric-key and public-key encryption and message authentication and integrity via digital signatures.
This session has two main purposes:
- Introduce PGP users on how a key signing event works so that they can replicate these in the future in their own community.
- Extend PGP’s web of trust by allowing others to sign your own key, and hence becoming an introducer of that key.
What are the requirements to participate?
- Be familiar with crypto systems and some of its basics concepts (you can start by reading this excellent tutorial on how encryption works).
- Use GPGTools or be familiar with your OpenPGP software of choice. Download an appropriate one for your operating system.
- Have a PGP key pair (see how to create a new key pair using GPGTools for Mac) and submit your public key to the keyring.
- A copy of a photo-ID, preferably your government-issued passport, on the day of the event.
Before attending, you should make sure that
- Your installed PGP software is working as per your expectiations
- Your PGP key is visible on a public keyserver; and ideally, add it to the keyring mentioned below.
How will the session work?
- The key signing organiser will distribute printed copies of the keyring to all participants.
- Each participant will pass his or her own photo-IDs clockwise and should verify the photo-IDs received from others.
- Each participant will read out their known-good PGP key fingerprint, from a medium which is not the printed copy (eg. a laptop, business card, etc) while other participants will verifies this against the printed copy of the keyring, hence validating the key submitted.
- Once satisfied that these are accurate, you should then import these public keys to your PGP keyring.
- You should then sign them as an indication of your trust.
- Once signed, you should then upload the now-signed keys, to a public keyserver.
Questions and comments
If you have questions, or require assistance, please feel free to get in touch with Gael Hernandez or Nishal Goburdhan.
See you at the signing event!
OS X: GPG Keychain
Windows: Kleopatra
Linux: GnuPG
iOS: iPGMail
Android: OpenKeychain