Descriptive Sites by Others
These folk have written good descriptions so I present them here.
Main Systems Used
- PGP (Pretty Good Privacy) - A program originally written by Phil Zimmermann to make strong
cryptography widely available in cyberspace. PGP introduced the idea of the "Web of Trust" (WoT) for
deciding how much trust to place in an individual's key. The WoT is based on the idea of friends
introducing friends one to another as the basis of trust. PGP is available as freeware from pgpi.org
(http://www.pgpi.org/products/pgp/versions/freeware/) for non-commercial use. The commercially usable
edition is available, as a boxed CD-ROM or download, from PGP.com for $99.00.
- S/MIME (Secure / MIME) - A net standard developed using elements from the ITU-T (then CCITT)
X.500 Directory Services standards to add encryption and digital signatures to the MIME standard for
e-mail messages. In this environment the trust level of a key is based on a chain of digital certificates
(based on the X.509 standard) leading back to a "well known" centralized Certifying Authority (CA), for
example VeriSign, thawte Consulting, Canada Post Corporation or USPS.
S/MIME Digital Certificate Sources
- VeriSign - $19.95 per year. Your credit card and receiving an e-mail at the given address
prove ID. Enroll at
http://www.verisign.com/products/class1/index.html
- thawte Freemail/WoT - FREE! At the most basic level proves you have
access to the e-mail address given (as "Thawte Freemail Member").
thawte has adapted the Web of Trust idea to the issuance of X.509
Certificates through a network of Digital Notaries. Depending on the experience of the Notaries, by
presenting proof of identity to between 2 and 5 Notaries you will be able to include your name in your
Freemail certificates. See below for how to get a Freemail certificate.
Advance Preparation for Meeting with a WoT Notary
Please use this list to prepare for meeting with a Digital Notary to assert your identity. Completion
of steps 1-5 prior to the meeting will save time for everyone.
1. Go to the thawte web site (http://www.thawte.com/) for a description of the certificates and their
   uses.
2. Sign up for the Freemail certificate program by choosing the Join link. [NOTE: Your thawte ID can
   be either your verified e-mail address or the CC-nid-1 format, YOUR choice. (Personally, I'd suggest
   an e-mail address that's unlikely to change.)]
3. Respond as requested to the e-mail verifying your e-mail address. Once you submit the probe and
   ping you do not have to request a certificate immediately (see next step).
4. Unless you NEED a certificate prior to the meeting, WAIT to request certificates until after you have
   been notarized to the 50 point level and can get certificates with your name in them. You will be
   able to achieve this level at the MeetUp as there will be two of us able to assert your identity.
5. Have a photocopy of the ID(s) below for each Notary who will be asserting you. At the MeetUp, there
   will be a scanner available on site if you are unable to make copies in advance.
6. Bring one or more forms of ID with you to the meeting. One needs to be a photo ID, and one must have
   what you are using as your "National Identification Number" (NID). If you use your Driver's License
   Number for your NID, a photo Driver's License alone would be enough. If you use your Social Security
   Number you must present your ORIGINAL Social Security Card plus a photo ID.
Advance Preparation for PGP Key Signing
Please use this list to prepare for the meeting to sign your PGP key. Completion of steps 1-4
prior to the meeting will save time for everyone.
1. Secure a copy of the PGP software (see above), install it on your system and generate a key set.
2. Self-sign your key from step 1 (sign your public key using your private key).
3. Upload your signed public key to one of the well known public PGP keyservers (e.g., http://pgp.mit.edu:11371/).
4. Create cards, labels or paper slips with your name, e-mail address, Key type (RSA or DH), Key ID
   and Key Fingerprint (Hex preferred).
   Real Life Example:
   Frank Warren kb4cyc@webwarren.com
   DH/DSS Key [ID: 0X635E3B05] Fingerprint (2048/1024 bit):
   6618 5D69 12C0 862E BD48 264B E0A8 8296 635E 3B05
   RSA Key [ID: 0XE553A1B7] Fingerprint (2048 bit):
   1094 D1FA BB10 A415 BA04 8A91 7A6C 5F1D
   Bring these with you to exchange at the signing session.
5. Bring one or more forms of ID with you to the meeting. One needs to be a photo ID.
   A photo Driver's License or State issued ID is enough.
6. At the signing, exchange the cards from step 4 with each person you will exchange signatures with
   and confirm their identity against their ID; a sight check is enough.
7. After the physical meeting, using the data from the slips you collected, download the other public
   keys from the keyserver, sign them with your key and copy them back to the server.
NOTE: Most thawte Web of Trust Digital Notaries who also participate in
the PGP Web of Trust will usually also sign your PGP key if you provide the Key ID and Fingerprint when
doing the thawte assertion.
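The check that belongs between downloading a key and signing it in the last step, as an added example (not part of the original page): compare the full fingerprint your PGP software reports for the downloaded key with the one on the slip, and for 160-bit fingerprints confirm that the Key ID is the tail of the fingerprint. The function names and the look-alike fingerprint are constructed for illustration; the other values are the ones from the slip shown above.

```python
import re

def normalize_hex(text):
    """Drop spaces, colons and a leading 0x; return upper-case hex digits."""
    cleaned = re.sub(r"[\s:]", "", text).upper()
    if cleaned.startswith("0X"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError(f"not hexadecimal: {text!r}")
    return cleaned

def check_slip(slip_key_id, slip_fingerprint, downloaded_fingerprint):
    """Return (ok, reason); sign the downloaded key only when ok is True."""
    key_id = normalize_hex(slip_key_id)
    slip_fp = normalize_hex(slip_fingerprint)
    got_fp = normalize_hex(downloaded_fingerprint)
    if len(key_id) not in (8, 16):
        return False, "key ID must be 32 or 64 bits"
    if len(slip_fp) not in (32, 40):
        return False, "fingerprint must be 128 bits (v3) or 160 bits (v4)"
    # The full fingerprint is the real check: a short key ID is easy to collide.
    if slip_fp != got_fp:
        return False, "downloaded key does not match the slip fingerprint"
    if len(slip_fp) == 40:
        # Version 4 keys: the key ID is the low-order bits of the fingerprint.
        if not slip_fp.endswith(key_id):
            return False, "key ID is not the tail of the fingerprint"
        return True, "v4 fingerprint and key ID agree"
    # Version 3 RSA keys: the key ID is taken from the modulus, so it cannot
    # be cross-checked against the MD5 fingerprint.
    return True, "v3 fingerprint matches; key ID not derivable from it"

# Values copied from the page's "Real Life Example" slip.
DH_ID, DH_FP = "0X635E3B05", "6618 5D69 12C0 862E BD48 264B E0A8 8296 635E 3B05"
RSA_ID, RSA_FP = "0XE553A1B7", "1094 D1FA BB10 A415 BA04 8A91 7A6C 5F1D"
# Constructed: the DH/DSS fingerprint with its first digit changed, standing in
# for a look-alike key on the keyserver that shares the same short key ID.
LOOKALIKE_FP = "7618 5D69 12C0 862E BD48 264B E0A8 8296 635E 3B05"

if __name__ == "__main__":
    for label, kid, fp, got in [
        ("DH/DSS, genuine", DH_ID, DH_FP, DH_FP.replace(" ", "")),
        ("DH/DSS, look-alike", DH_ID, DH_FP, LOOKALIKE_FP),
        ("RSA, genuine", RSA_ID, RSA_FP, RSA_FP.replace(" ", "")),
    ]:
        print(label, "->", check_slip(kid, fp, got))
```

The look-alike case fails even though its Key ID is identical, which is why the slip carries the full fingerprint and not just the ID.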
Basic Definitions
- encryption - Transformation of information in a way to render it not usable to those without
permission to access it.
- decryption - The recovery of encrypted information.
- hash function - A function that yields a value that can be used to uniquely identify its
input without a bit-for-bit comparison, e.g., MD5 or SHA-1.
- symmetric cypher - An encryption system that uses the same key to encrypt and decrypt,
for example DES.
- asymmetric cypher - An encryption system that uses different keys to encrypt and decrypt.
One key, the public key, is distributed widely. The other, the private key, is known only to the owner
of the key set.
- digital signature - A method of proving the authorship and content of an electronic
document such as e-mail. Often the result of a hash function applied to the document, then encrypted
with the signer's private key.