GPG
Jim Pick’s Public DSA GnuPG Key
pub 1024D/FF692BCB 2002-09-01 Jim Pick
Key fingerprint = 7E96 84B1 E829 57F0 6F06 2642 1B6A 4317 FF69 2BCB
uid Jim Pick
sub 1024g/FD6CFFA6 2002-09-01
You can view this same key from the Debian keyring – you should probably use that one if you are interested in signing my key, as that may contain more signatures.
It’s also in the Kaffe.org keyring.
It’s also at keyserver.net.
Because this key does not use patented algorithms, it’s preferable.
Here’s Debian’s GPG Signing Coordination page.
In the past, I used some other keys, but I’m not planning on using those anymore.
Keysigning
“Lifted” from http://www.debian.org/events/keysigning
Since a lot of developers meet at trade shows or conferences they
have become a nice way to get other people to sign one’s GnuPG key and
improve the web of trust. Especially for people who are new to the
project, keysigning and meeting other developers has been very
interesting.
This document intends to help you with running a keysigning
session. People should only sign a key under at least two conditions:
- The key owner convinces the signer that the identity in the UID is
indeed their own identity by whatever evidence the signer is
willing to accept as convincing. Usually this means the key owner
must present a government issued ID with a picture and information
that match up with the key owner. (Some signers know that
government issued IDs are easily forged and that the trustability
of the issuing authorities is often suspect and so they may require
additional and/or alternative evidence of identity).
- The key owner verifies that the fingerprint of the key about to be
signed is indeed their own.
Most importantly, if the key owner is not actively participating in
the exchange, you won’t be able to complete either requisite 1 or 2.
Nobody can complete the key owner’s part of requisite 1 on the key
owner’s behalf, because otherwise anyone with a stolen ID card could
easily get a PGP key to go with it by pretending to be an agent of the
keyowner. Nobody can complete the key owner’s part of requisite 2 on
the key owner’s behalf, since the agent could substitute the
fingerprint for a different PGP key with the key owner’s name on it
and get someone to sign the wrong key.
- You need printed out GnuPG fingerprints and an identity card to
prove your identity (passport, driver’s license or similar).
- The fingerprints are given to other people who ought to sign your
key after the meeting.
- If you don’t have a GnuPG key yet, create one with
gpg --gen-key.
- Only sign a key if the identity of the person whose key to sign
is proven.
- After the meeting you’ll have to fetch the GnuPG key in order to
sign it. The following may help:

    gpg --keyserver keyring.debian.org --recv-keys 0xDEADBEEF

If the person whose key you want to sign is not in the Debian
keyring, replace keyring.debian.org with a public
keyserver like pgpkeys.pgp.net (which despite the name
also stores GnuPG keys.)

Note we can use the last eight hex digits of the key in this and
other GnuPG operations. The 0x in front is also optional.
- To sign the key, enter the edit menu with

    gpg --edit-key 0xDEADBEEF

- In GnuPG select all uids to sign with
uid n, where
n is the number of the uid shown in the menu. You can
also press enter to sign all the uids.
- To sign a key, enter
sign. You will then be shown
the fingerprint of the key which you have to compare with the
one you’ve got from the person you met.
- Quit GnuPG with
quit
- To verify you have signed the key correctly, you can do:

    gpg --list-sigs 0xDEADBEEF

You should see your own name and fingerprint (in short form) in the
output.
- Once you make sure everything went fine, you can send the signed key to
its recipient by doing:

    gpg --export -a 0xDEADBEEF > someguys.key

The -a option exports the key in ASCII format so it can
be emailed without possibility of corruption.
- If someone signs your key in this manner, you can add it to the Debian
keyring by doing:

    gpg --import mysigned.key
    gpg --keyserver keyring.debian.org --send-keys <your key id>

It may take a while for the keyring maintainers to update your key so
be patient. You should also upload your updated key to the public
keyservers.
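The fingerprint comparison from the signing step, as an added example that is not part of the original page or of the Debian document: a shell check that accepts a fetched key only when the full 40-hex-digit fingerprint from the paper slip matches, because the last eight hex digits alone can be shared by different keys. The function names and both sample listings are constructed for illustration; the genuine fingerprint is the one shown on this page, and the listings assume the record layout of gpg --with-colons --fingerprint.

```shell
#!/bin/sh
# Added example: compare the fingerprint on a paper slip with a fetched key.

# Strip whitespace and an optional 0x prefix, then uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint (field 10 of the fpr record) of each primary key only.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# check_slip SLIP_FPR COLONS_LISTING
#   0: the slip's full fingerprint equals a primary-key fingerprint
#   1: no primary key in the listing has that fingerprint
#   2: the slip is not a full 40-hex-digit fingerprint (e.g. a short key ID)
check_slip() {
    slip=$(normalize_fpr "$1")
    case "$slip" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#slip}" -eq 40 ] || return 2
    if printf '%s\n' "$2" | primary_fprs | grep -Fqx "$slip"; then
        return 0
    fi
    return 1
}

# Constructed sample listings (trimmed to the records used here). GENUINE
# carries the fingerprint shown on this page; LOOKALIKE is a made-up key
# that ends in the same eight hex digits, so its short ID is identical.
GENUINE='pub:-:1024:17:1B6A4317FF692BCB:1030838400:
fpr:::::::::7E9684B1E82957F06F0626421B6A4317FF692BCB:
uid:-::::::::Jim Pick:'
LOOKALIKE='pub:-:1024:17:89ABCDEFFF692BCB:1030838400:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFFF692BCB:
uid:-::::::::Jim Pick:'
SLIP='7E96 84B1 E829 57F0 6F06 2642 1B6A 4317 FF69 2BCB'

check_slip "$SLIP" "$GENUINE" && echo "genuine: full fingerprint matches"
check_slip "$SLIP" "$LOOKALIKE" || echo "lookalike: rejected (status $?)"
check_slip "0xFF692BCB" "$GENUINE" || echo "short ID alone: refused (status $?)"
```

Against a real keyring, the second argument would be the output of gpg --with-colons --fingerprint for the key just fetched.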
What you should not do
You should never sign a key for somebody else you haven’t met
personally. Signing a key based on anything other than first-hand
knowledge destroys the utility of the Web of Trust. If one’s friend
presents other developers with your ID card and your fingerprint, but
you are not there to verify that the fingerprint belongs to you, what
do other developers have to link the fingerprint to the ID? They have
only the friend’s word, and the other signatures on your key — this
is no better than if they signed your key just because other people
have signed it!
It is nice to get more signatures on one’s key, and it is tempting
to cut a few corners along the way. But having trustworthy signatures
is more important than having many signatures, so it’s very important
that we keep the keysigning process as pure as we can. Signing
someone else’s key is an endorsement that you have first-hand evidence
of the keyholder’s identity. If you sign it when you don’t really
mean it, the Web of Trust can no longer be trusted.