On Mon, Sep 02, 2013 at 07:27:36PM +1000, Tony Langdon wrote:
I must:
1. Sort out a gpg key and have it signed so LUV can verify my signature
it's easier than you (probably) think. full details at http://www.gnupg.org/gph/en/manual.html but to summarise: 1. generate a key with 'gpg --gen-key'. answer the questions, go with the defaults (but choose at least 2048 bits for the key). you probably want to use your vk3jed@gmail.com address in the user id. you can add additional email addresses / identities later if you want. pick a good pass-phrase for your key. something you'll remember but hard to guess / brute-force. 2. upload it to a key server: gpg --keyserver certserver.pgp.com --send-key vk3jed@gmail.com that's it. done. but read on, there's a little more to do to make your shiny new key more trustworthy. you probably don't have time to get anyone else to sign your key but if there's someone nearby who already has a pgp or gpg key, show them your driver's license, passport or other official ID, and ask them to download your key from the keyserver, sign it, and re-upload it. you'll probably want to print out the key's fingerprint to give to them so that they know they're signing the right key (e.g. in case someone else also uploads a key claiming to be from you). gpg --fingerprint vk3jed@gmail.com if you can get someone else to sign your key, that would be a Good Thing but the key works perfectly well without other signatures - as long as whoever you're using it with decides that they're willing to trust it. signatures from other people just give additional support to the proposition that someone ought to trust your key to identify you. this is the "web of trust", the more people who claim to know you and/or have verified your ID, the better. next time you're in melbourne, or at a geek conference ask around to see if anyone's organising a key-signing or will meet you to sign your key - bring multiple printed copies of the fingerprint to hand out. IIRC Russell has organised several key-signing parties over the years, some here on LUV and some via the debian-melb list.
2. Get my head around the proxy process.
fill in the form, sign it with gnupg, and email it to the LUV secretary your MUA may be able to do the signing for you - mutt can, and thunderbird/icedove has the enigmail extension (which can even do all the key generation and upload stuff for you), and some other MUAs have encryption/signing support too. craig -- craig sanders <cas@taz.net.au>