Talks
Speakers
Events
Topics
Sign in
Home
Talks
Speakers
Events
Topics
Leaderboard
Use
Analytics
Sign in
Suggest modification to this talk
Title
Description
By, Caleb Thompson The need to keep your personal information, sensitive or nonsensitive, secure from prying eyes isn't new, but recent events have brought it back into the public eye. In this workshop, we'll build and upload public keys, explore Git commit signing, and learn to sign others' PGP keys. If we have time, we'll exchange key fingerprints and show IDs, then discuss signing and verifying gems. You'll need a photo ID and your own computer for this workshop.
Date
Summarized using AI?
If this talk's summary was generated by AI, please check this box. A "Summarized using AI" badge will be displayed in the summary tab to indicate that the summary was generated using AI.
Show "Summarized using AI" badge on summary page
Summary
Markdown supported
In the workshop titled "What is this PGP thing, and how can I use it?", Caleb Thompson explores the concepts and applications of Pretty Good Privacy (PGP) for securing personal communication and data. The purpose of the session is to empower participants with the knowledge to utilize PGP effectively, focusing on practical skills such as building and uploading public keys, and signing Git commits. The workshop includes several key elements: - **Introduction to PGP**: Caleb defines PGP and explains the importance of key pairs comprising a public key (for encryption and verification) and a private key (for decryption and signing). He emphasizes the significance of keeping private keys secure and never sharing them online. - **Software Setup**: Participants are instructed to use GPGTools, a suite of programs to manage PGP functions. Caleb stresses the importance of verifying software installation to ensure the integrity and security of the tools being used. - **Creating Key Pairs**: The step-by-step process for generating a key pair is demonstrated. Caleb discusses key expiration to prevent lost keys from remaining valid indefinitely and encourages signing emails and Git commits as a security best practice. - **Signing and Verifying Commits**: The workshop highlights how to configure Git for signing commits and how to verify those signatures. This adds a layer of authenticity to contributions in collaborative projects. - **Challenges with Gem Security**: Caleb addresses the specific challenges with signing gems in Ruby, including the use of OpenSSL keys and the absence of a centralized trust authority, contrasting it with the PGP network that supports a web of trust. - **Importance of Trust**: The conversation covers the relevance of trust in cryptographic signatures and the need for robust systems for establishing trust within software ecosystems. Caleb advocates for stronger connections in the community to ensure secure practices in software distribution. The workshop concludes with a call for action: participants are encouraged to establish a web of trust and verify signatures whenever installing software to enhance overall security in their digital interactions. With these skills, attendees leave equipped to protect their communications and collaborations more effectively.
Suggest modifications
Cancel
