-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
390 lines (332 loc) · 13.3 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Introduction to PGP</title>
<meta name="description" content="A framework for easily creating beautiful presentations using HTML">
<meta name="author" content="Hakim El Hattab">
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="stylesheet" href="css/reveal.min.css">
<link rel="stylesheet" href="css/theme/default.css" id="theme">
<!-- For syntax highlighting -->
<link rel="stylesheet" href="lib/css/zenburn.css">
<!-- If the query includes 'print-pdf', use the PDF print sheet -->
<script>
document.write( '<link rel="stylesheet" href="css/print/' + ( window.location.search.match( /print-pdf/gi ) ? 'pdf' : 'paper' ) + '.css" type="text/css" media="print">' );
</script>
<!--[if lt IE 9]>
<script src="lib/js/html5shiv.js"></script>
<![endif]-->
</head>
<body>
<div class="reveal">
<!-- Any section element inside of this container is displayed as a slide -->
<div class="slides">
<section>
<h1>Introduction to PGP</h1>
<p>ChangZhuo Chen (<a href="mailto:[email protected]">[email protected]</a>)</p>
<p>PGP Key: <a href="http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xBE0C924203F4552D">EC9F 905D 866D BE46 A896 C827 BE0C 9242 03F4 552D</a></p>
</section>
<section>
<h1>LICENSE</h1>
<p><a href="http://creativecommons.org/licenses/by-sa/3.0/">CC-BY-SA 3.0</a></p>
</section>
<section>
<h2>The Purposes of PGP</h2>
<ul>
<li>Verify signature of message</li>
<li>Send an encrypted message</li>
</ul>
</section>
<section>
<h2>Scenario - Verify Signature</h2>
<ul>
<li>You sign a message with your <em>private key.</em></li>
<li>Recipient verify the message with your <em>public key.</em></li>
</ul>
<p></p>
</section>
<section>
<h2>Secnario - Receive Encrypted Message</h2>
<ul>
<li>Someone encrypts a message with your <em>public key</em>.</li>
<li>You decrypt the message with your <em>private key</em>.</li>
</ul>
</section>
<section>
<h2>Requirement</h2>
<ul>
<li>Others need to know your public key if you want to send a signed message.</li>
<li>You need to know others public key if you want to send encrypted message.</li>
</ul>
</section>
<section>
<p>In short, you need to join keysigning party to ensure the ownership of PGP key.</p>
</section>
<section>
<h2>Generate a PGP Key</h2>
<p>Use <a href="http://www.gnupg.org/">GNU Privacy Guard (GnuPG)</a></p>
</section>
<section>
<p>A key in GnuPG may contain the following items:</p>
<ul>
<li>Master Key</li>
<li>Subkey</li>
<li>Usage</li>
<li>Fingerprint</li>
<li>Expired Date</li>
<li>UID</li>
<li>Signature</li>
</ul>
</section>
<section>
<h2>Master Key</h2>
<ul>
<li>Key of key</li>
<li>Shall be stored in offline media</li>
</ul>
</section>
<section>
<h2>When to Use Master Key?</h2>
<ul>
<li>when you certify someone else's key</li>
<li>when you need to create a new subkey</li>
<li>when you need to revoke the subkeys</li>
</ul>
</section>
<section>
<h2>Subkey</h2>
<ul>
<li>Another key pair managed by master key</li>
<li>Can be used to signing and encrypt</li>
</ul>
</section>
<section>
<h2>Usage of Key</h2>
<ul>
<li>S: Key is good for signatures.</li>
<li>E: Key is good for encryption.</li>
<li>C: Key is good to certify other keys.</li>
<li>A: Key is good for authentication (no used).</li>
</ul>
<p></p>
</section>
<section>
<h2>Key Usage Configuration</h2>
<ul>
<li>Default master key has usage SC.</li>
<li>Master key is the only key that has C.</li>
<li>For encryption, you need to generate a subkey with E.</li>
<li>For convenient, you can generate a subkey with S.</li>
</ul>
</section>
<section>
<pre><code data-trim contenteditable>
czchen@kelemvor:~% gpg --edit-key $PGPKEY
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/03F4552D created: 2013-07-29 expires: 2013-12-31 usage: SC
trust: ultimate validity: ultimate
sub 4096R/F2B3DABF created: 2013-07-29 expires: never usage: E
sub 4096R/285C6865 created: 2013-07-29 expires: never usage: S
[ultimate] (1). ChangZhuo Chen (陳昌倬) <[email protected]>
[ultimate] (2) [jpeg image of size 4949]
</code></pre>
</section>
<section>
<h2>Fingerprint</h2>
<p>Use to identify a key</p>
<pre><code data-trim contenteditable>
czchen@kelemvor:~% gpg --fingerprint $PGPKEY
pub 4096R/03F4552D 2013-07-29 [expires: 2013-12-31]
Key fingerprint = EC9F 905D 866D BE46 A896 C827 BE0C 9242 03F4 552D
uid ChangZhuo Chen (陳昌倬) <[email protected]>
uid [jpeg image of size 4949]
sub 4096R/F2B3DABF 2013-07-29
sub 4096R/285C6865 2013-07-29
</code></pre>
</section>
<section>
<h2>Expired Date</h2>
<p>It is good to set a expired date because:</p>
<ul>
<li>You may lost your master private key, and revocation certificate.</li>
<li>It forces others to refresh your key in their keyring.</li>
<li>You can adjust the expired date by your private master key.</li>
</ul>
</section>
<section>
<pre><code data-trim contenteditable>
czchen@kelemvor:~% gpg --list-keys $PGPKEY
pub 4096R/03F4552D 2013-07-29 [expires: 2013-12-31]
uid ChangZhuo Chen (陳昌倬) <[email protected]>
uid [jpeg image of size 4949]
sub 4096R/F2B3DABF 2013-07-29
sub 4096R/285C6865 2013-07-29
</code></pre>
</section>
<section>
<h2>UID</h2>
<ul>
<li>UID is your identity (name + email or photo)</li>
<li>A key can have many uid for different email</li>
<li>Generally require 2 forms of government-issued photo ID to prove your identity</li>
<li>Other can reject to certify your key due to inproperly UID</li>
</ul>
</section>
<section>
<h2>Signature</h2>
<ul>
<li>Someone can certify your UID to prove the ownership of your key.</li>
<li>Master key crertifies all its UID and subkey with certificate check level 3.</li>
<li>You can certify UID with different certificate check level, see manual for more information.</li>
</ul>
</section>
<section>
<pre><code data-trim contenteditable>
pub 4096R/03F4552D 2013-07-29 [expires: 2013-12-31]
uid ChangZhuo Chen (陳昌倬) <[email protected]>
sig 3 03F4552D 2013-08-11 ChangZhuo Chen (陳昌倬) <[email protected]>
sig 524E09E7 2013-08-03 Chu-Siang Lai (凍仁翔) <[email protected]>
sig E6A6C7C0 2013-08-03 Yao-Po Wang (王堯坡) <[email protected]>
sig 2 E9D4AEB6 2013-08-03 Wei-Cheng Pan (潘韋成) <[email protected]>
</code></pre>
</section>
<section>
<h2>Generate PGP Key</h2>
<pre><code data-trim contenteditable>
czchen@kelemvor:~% gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
...
</code></pre>
</section>
<section>
<h2>Generate Subkey</h2>
<pre><code data-trim contenteditable>
czchen@kelemvor:~% gpg --edit-key $PGPKEY
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/03F4552D created: 2013-07-29 expires: 2013-12-31 usage: SC
trust: ultimate validity: ultimate
sub 4096R/F2B3DABF created: 2013-07-29 expires: never usage: E
sub 4096R/285C6865 created: 2013-07-29 expires: never usage: S
[ultimate] (1). ChangZhuo Chen (陳昌倬) <[email protected]>
[ultimate] (2) [jpeg image of size 4949]
gpg> addkey
...
</code></pre>
</section>
<section>
<h2>Send Your Key to Keyserver</h2>
<pre><code data-trim contenteditable>
gpg --send-keys $PGPKEY
</code></pre>
</section>
<section>
<h2>Export Key to Other Computer</h2>
<pre><code data-trim contenteditable>
# Export public key
gpg --armor --output $PUB --export $PGPKEY
# Export private subkey (dangerous!)
gpg --armor --output $PRISUB --export-secret-subkeys $PGPKEY
# Export private master key (extreme dangerous!!)
gpg --armor --output $PRI --export-secret-keys $PGPKEY
</code></pre>
</section>
<section>
<pre><code data-trim contenteditable>
czchen@mystra:~% gpg --list-secret-keys $PGPKEY
sec# 4096R/03F4552D 2013-07-29 [expires: 2013-12-31]
uid ChangZhuo Chen (陳昌倬) <[email protected]>
uid [jpeg image of size 4949]
ssb 4096R/F2B3DABF 2013-07-29
ssb 4096R/285C6865 2013-07-29
</code></pre>
</section>
<section>
<h2>Join Keysigning Party</h2>
<ul>
<li>You shall send your key to keyserver.</li>
<li>You shall send your key information to coordinator.</li>
<li>You shall check your key to ensure others get your key correctly.</li>
<li>You shall provide 2 government-issued photo IDs to prove your identify.</li>
<li>You shall ensure others check their keys.</li>
<li>You shall check others' government-issued photo IDs.</li>
</ul>
</section>
<section>
<h2>After Keysigning Party</h2>
<ol>
<li>Import all keys you want to certify (gpg --recv-keys $KEYID)</li>
<li>Certify these keys (gpg --sign-key $KEYID)</li>
<li>Export these keys (gpg --armor -o $SIGNATURE --export $KEYID)</li>
<li>Encrypt them with owner encrypt key (gpg -r $KEYID $SIGNATURE)</li>
<li>Email $SIGNATURE to its owner</li>
<li>Remove all imported keys (gpg --delete-key $KEYID)</li>
</ol>
</section>
<section>
<p>Or you can just use caff in signing-party package in debian/ubnutu</p>
</section>
<section>
<h2>Receive Signature from Other</h2>
<ol>
<li>Decrypt it (gpg -o $SIGNATURE -d $MSG)</li>
<li>Import it (gpg --import $SIGNATURE)</li>
<li>Check if the signature is correctly signture to you by sender</li>
<li>Upload your key (gpg --send-keys $PGPKEY)</li>
</ol>
</section>
<section>
<h2>References</h2>
<p><a href="https://wiki.debian.org/subkeys">Using OpenPGP subkeys in Debian development</a></p>
<p><a href="http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/">How to change the expiration date of a GPG key</a></p>
<p><a href="https://www.debian-administration.org/users/dkg/weblog/97">OpenPGP User ID Comments considered harmful</a></p>
<p><a href="http://www.codemud.net/~thinker/GinGin_CGI.py/show_id_doc/478">保護你的隱私,從 PGP 開始!</a></p>
<p><a href="http://blog.nutsfactory.net/2013/08/08/coscup-2013-key-signing-party-tips/">COSCUP 2013 Key Signing Party 兩三事</a></p>
</section>
</div>
</div>
<script src="lib/js/head.min.js"></script>
<script src="js/reveal.min.js"></script>
<script>
// Full list of configuration options available here:
// https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: true,
theme: Reveal.getQueryHash().theme, // available themes are in /css/theme
transition: Reveal.getQueryHash().transition || 'default', // default/cube/page/concave/zoom/linear/fade/none
// Optional libraries used to extend on reveal.js
dependencies: [
{ src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },
{ src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
{ src: 'plugin/zoom-js/zoom.js', async: true, condition: function() { return !!document.body.classList; } },
{ src: 'plugin/notes/notes.js', async: true, condition: function() { return !!document.body.classList; } }
// { src: 'plugin/search/search.js', async: true, condition: function() { return !!document.body.classList; } }
// { src: 'plugin/remotes/remotes.js', async: true, condition: function() { return !!document.body.classList; } }
]
});
</script>
</body>
</html>