Trusted Signatures on your Public key?

[Marc Mutz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 19 July 2001 11:58, Peter Lavender wrote:
> * Marc Mutz (Marc.Mutz@uni-bielefeld.de) wrote:
> > Basically, yes. You go to key-signing parties of your local
> > <insert-os-here>-User-Group or bug people on expos. Or you search
> > for people you may get your hands on using the keyserevers.
>
> I have the FAQ here, but I gather how to do this, ie how to get
> signatures on your public key is discussed in the docs?
>
> That's what I was curious about, just how do you do this, take your
> key on a floppy, and then get people to sign it.. then come home and
> import it?
<snip>

print the output of
gpg --fingerprint --list-keys <my-key-id>
several times (_many_ times if you want to go to somting as big as 
LinuxTag - calculate in the 50-or-more regime) and sign it (by hand, 
i.e. with a pen as you would sign a contract). The others will do the 
same and on the event, you just exchange these papers.

After a look at the other one's passport or driving license (or 
whatever -see different thread), you sign _his_ paper and take it home 
with you. There, you compare the fingerprints on the paper with the one 
shown by GnuPG from the downloaded pubkey and if they match, you sign 
the peer's key and send it to him.

You may additionally send an encrypted "ping" message to all UIDs on 
the peer's key before signing just to make sure that the peer is in 
fact in control of all UIDs and has the secret key.

Marc

- -- 
Marc Mutz <Marc@Mutz.com>
http://marc.mutz.com/
http://www.mathematik.uni-bielefeld.de/~mmutz/
http://EncryptionHOWTO.sourceforge.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7VuiE3oWD+L2/6DgRAhaoAJ4niQ8ikJrlDBupjPfWgacIXev0rACggv2t
8K8vcAxuxoOvaHbGb4WQRNQ=
=7bGo
-----END PGP SIGNATURE-----