Penn Computing


Sunday, July 20, 2008

 

PGP Key Signing Party Procedures

1.  If you haven't already done so, download PGP from MIT's website http://web.mit.edu/network/pgp.html  and follow the instructions to create your public/private keypair.  We recommend a key length of 2048 bits. [If you've already created one at 1024 bits, don't worry about it.  It's probably going to be sufficient for years to come.  But 512 is just too short nowadays.]

2.  Please RSVP to security@isc.upenn.edu including your public key and PGP fingerprint in email no later than two working days prior to the key signing party.

Windows Instructions:  To send your public key to us in email, launch PGP Keys (On Windows, Start->Programs->PGP->PGPKeys).  Scroll down in the PGPKeys window to your keypair.  Right click on your key, and then drag to Copy.  Go to email and paste your public key into your email message.  Go back to PGPKeys and right click on your public key, then click on Key Properties.  Be sure that the "Hexadecimal" box is clicked in the "Fingerprint" section.  Cut and paste your Hexadecimal fingerprint from PGPKeys into your email message.  (We're not especially partial to hex; it's just that the GUI doesn't seem to give you an easy way to cut and paste it, and nobody likes to re-type sixteen words.)

Mac Instructions: (TBD)

3.  Information Security will collate the keys and print enough copies of the list of names/fingerprints so that once everyone shows up, each person can get a handout.

4.  Come to the keysigning party on the appointed date.  Bring your PennCard to identify yourself, and bring along a printed (or otherwise readable) copy of your public key and your fingerprint.

5.  After showing a PennCard to confirm identity, everyone will read off their fingerprint (using the copy that they brought with them in step 4, above).  Each attendee will verify the fingerprint read aloud against the one in the handout.  Everyone takes the list of names, signatures and verified fingerprints with them after the meeting (see step 6, below).

6.  Afterwards, Information Security will email all attendees the keys so they can sign them and mail them back to security@isc.upenn.edu .  (Be sure to verify each key with the fingerprints from the list you got in step 5 above at the meeting.)

7.  Once we receive the signed keys, we'll redistribute them back to the owners & attendees in email.
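
The fingerprint check in step 6, sketched as an added example that is not part of the original procedure or of PGP itself. It assumes version 4 OpenPGP keys (fingerprint per RFC 4880, section 12.2); the function names are hypothetical and the key material is constructed sample data, not real keys.

```python
import hashlib
import struct

def v4_fingerprint(body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880, section 12.2): SHA-1 over
    0x99, the two-byte body length, then the public-key packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def normalize(fpr: str) -> str:
    """Drop the spaces or colons a GUI or printout inserts; upper-case the hex."""
    return "".join(fpr.replace(":", " ").split()).upper()

def check_key(name: str, body: bytes, handout: dict) -> str:
    """Compare an emailed key against the fingerprint verified at the party."""
    if name not in handout:
        return "not-on-handout"       # nobody vouched for this key in person
    expected = normalize(handout[name])
    if len(expected) != 40:
        return "incomplete-handout"   # a short key ID is not a fingerprint
    return "ok" if v4_fingerprint(body) == expected else "mismatch"

def rsa_public_key_body(n: int, e: int = 65537, created: int = 1167782400) -> bytes:
    """Constructed sample data: a v4 RSA public-key packet body."""
    def mpi(x: int) -> bytes:
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def demo() -> dict:
    # Constructed moduli, not real keys: 2048-bit odd integers.
    alice = rsa_public_key_body((1 << 2047) | 0xA11CE1)
    swapped = rsa_public_key_body((1 << 2047) | 0xBADBAD)
    fpr = v4_fingerprint(alice)
    # The handout shows the fingerprint in groups of four hex digits.
    handout = {"alice": " ".join(fpr[i:i + 4] for i in range(0, 40, 4)),
               "carol": fpr[-8:]}
    return {
        "genuine": check_key("alice", alice, handout),
        "swapped": check_key("alice", swapped, handout),
        "unknown": check_key("bob", alice, handout),
        "short-id": check_key("carol", alice, handout),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Only a key whose verdict is "ok" should be signed; any other verdict means the emailed key is not the one its owner read aloud at the meeting.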

Please remember to send your public keys and fingerprints to security two working days before the key signing party.

Information Security PGP keys are available at:
http://www.upenn.edu/computing/security/pgpkey.php

Last updated: Wednesday, January 3, 2007


Information Systems and Computing
University of Pennsylvania