How to get your first key signed

Christopher Beck beckus at beckus.eu
Thu Oct 1 23:16:53 CEST 2015 

On 09/30/15 19:17, David Niklas wrote:
> Hello,
> I create for myself a gpg key and want to get it signed, however I've
> sent out half a dozen requests and so far I've gotten only negative
> responses to the effect that I must know so-and-so and we must met in
> person (considering that the person responds at all).
> Now, I'm a student (think penny less), and live in a rural area 100mi
> from the nearest LUG and people out here are _very_ computer illiterate
> to the point where educated people think that turning a computer off
> will damage it, or that the computer loses power (1GHz becomes .2GHZ),
> as it grows older. So no one has a key, at all. And they would not want
> to help create a web of trust even if I asked and explained it to them.
> They just don't believe in security around here (Oh, that would never
> happen to me! There are laws against that! You are a security freak.)
>
> I want to develop FOSS and feel obligated to get a key to protect uses
> of the software I'm modifying from MITM attacks.
>
> Thanks, David
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi David,

I know that problem. But I did the following: I used "The Harvester" [1]
and did a search on the domain of my university on public key servers
and found out many people here, who use GPG. I just started e-mailing
some of them and met them to cross sign the keys. So my suggestion is,
look up the mail-addresses of a university when you are (for some
reasons) in that city. Okay, this requires you to travel, but you can
try that if you are in some other city for some reason.

I am active member of a local association and there are some people
using GPG, too. So to make it more comfortable to others, we created an
extra key, stored it on a smart-card and use this key to sing our keys.
This is uploaded on out website and people who trust out SSL-CA
(cacert.org) could think of trusting this key in addition to it's own
WoT. We also put up our finger-prints to the contact fields of our
members (from those, who have GPG).

Additionally, you could add your GPG-finger-print to every presentation
you'll hold at university. This might also help.


[1]: https://code.google.com/p/theharvester/
[2]:

-- 
I use GnuPG (GPG) for E-Mail encryption and signing. If you want some privacy, my public key ID is 2F9D4F14. The file "singature.asc" this message includes contains a cryptographic signature which enables you to verify this E-Mail really was written by me.

Christopher Beck, DL1CHB

Gerhart-Hauptmann-Str. 1
91058 Erlangen
Tel.: 09131 / 9245437
Fax.: 09131 / 8148708
Jabber: beckus at jabber.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20151001/068d1ba5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20151001/068d1ba5/attachment.sig>

More information about the Gnupg-users mailing list