
Re: [Debconf-discuss] Last call for keys for keysigning in New York City, USA during DebConf10



On Mon, 2010-07-19 at 23:37 -0400, Daniel Kahn Gillmor wrote:
> RSA keys of 2048-bits or longer are recommended, with
> self-certifications using SHA-256 or stronger.  More detailed
> recommendations can be found here:
> 
>  https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#openpgp-key-checks

From the web page:

        self-signatures must not use MD5
        
        You can check this by doing:
        
        gpg --export-options export-minimal --export <keyid> |
          gpg --list-packets | grep -A 2 signature | grep 'digest algo 1,'

This is not very explicit about what the output should be, or what lack
of output does. I'd extrapolate from the rest of the page and from what
I know about Unix command line use, but I've found gpg to be rather hard
to use right, and even harder to be confident about.

Is there an actual "gpg lint" kind of tool anywhere? I _think_ I made a
sufficiently good key last year, but I am not certain about it, and it
is possible the above MD5 test is failing.

Failing that, are there instructions for creating a new key?

(I'm not participating in the keysigning party anyway, but I'd be happy
to sign keys otherwise.)
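
The quoted pipeline ends in `grep`, so it prints the matching lines when a signature uses digest algo 1 (MD5) and prints nothing otherwise. The sketch below is an added example, not part of the original message or the referenced web page: it reads the same `gpg --list-packets` output and reports every signature packet explicitly. The function names and the sample packet listing are constructed for illustration.

```sh
#!/bin/sh
# Added example. check_md5_selfsigs and sample_packets are hypothetical names.
# Reads `gpg --list-packets` output on stdin, prints one line per signature
# packet, and returns 1 if any of them uses MD5 (digest algo 1).
check_md5_selfsigs() {
    awk '
        BEGIN {
            # OpenPGP hash algorithm IDs from RFC 4880, section 9.4
            name[1] = "MD5"; name[2] = "SHA1"; name[3] = "RIPEMD160"
            name[8] = "SHA256"; name[9] = "SHA384"
            name[10] = "SHA512"; name[11] = "SHA224"
        }
        /^:signature packet:/ { keyid = $NF; insig = 1; next }
        /^:/ { insig = 0 }   # any other packet header ends the block
        insig && $1 == "digest" && $2 == "algo" {
            algo = $3 + 0    # "8," becomes 8
            label = (algo in name) ? name[algo] : "unknown"
            if (algo == 1) bad++
            printf "%s keyid=%s digest=%s(%d)\n", ((algo == 1) ? "FAIL" : "ok"), keyid, label, algo
            insig = 0
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample of list-packets output (not from a real key); $1 sets the
# digest algorithm of the user ID self-signature.
sample_packets() {
    cat <<EOF
:public key packet:
    version 4, algo 1, created 1245000000, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1245000000, md5len 0, sigclass 0x13
    digest algo $1, begin of digest ab cd
:public sub key packet:
    version 4, algo 1, created 1245000000, expires 0
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1245000000, md5len 0, sigclass 0x18
    digest algo 8, begin of digest 12 34
EOF
}

# Real use: gpg --export-options export-minimal --export KEYID |
#             gpg --list-packets | check_md5_selfsigs
sample_packets 1 | check_md5_selfsigs || echo "MD5 self-signature found"
```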

