On Tue, Sep 2, 2014 at 3:36 PM, Italo Vignoli <[email protected]> wrote: > Pete Stephenson wrote: > >> Users should download the keylist (which is also signed by my PGP key, >> 0x85EB9F44), compute the SHA256 and RIPEMD160 hashes of the list in >> accordance with the directions, print out the last, and write the >> hashes they computed in pen on the list. These hashes will then be >> compared with the hash computed by me, which I will display at the >> KSP. This way people can be assured that the list they printed out >> matches precisely with the official list and there's been no >> modifications. > > This is beyond my technical skills. I have uploaded the key to the > keyserver, using the Terminal, but this has already represented a huge > effort on my side. I do not use the Terminal, as I am a normal user, so > I will be coming to the party but do not expect hashes (maybe ashes...) > from me.
Hi Italo (and others attending the conference and KSP), Command-line GPG commands can be arcane and daunting if you're not familiar with it. Sorry. :/ I was going to write up some detailed how-to guides with images and put them online, but I've been a bit busy with a new baby and haven't had the time yet. I'll try to have some guides up later tonight. I'll try to explain how to download and calculate the hashes on the keylist in a step-by-step manner for the Mac. Fortunately, it only involves executing three commands from the terminal which you can copy-paste from this message. 1. Open the Terminal. 2. Download the keylist by executing the following command in the Terminal: curl "https://libo2014.keysigning.ch/files/ksp-libo2014.txt"; -o ksp-libo2014.txt That command will download the keylist and save it as "ksp-libo2014.txt" in your home directory. Keep the Terminal open for the time being. 3. Open the keylist file in a text editor (TextEdit is the default text editor for Mac OS X) and print it out. (I assume that you know how to open and print text files.) After printing it, close TextEdit. 4. Back in the Terminal, compute the hashes of the keylist by running these two commands one after the other: gpg --print-md SHA256 ksp-libo2014.txt gpg --print-md RIPEMD160 ksp-libo2014.txt You should hand-write the hashes in the spaces provided in the printed keylist and bring it with you to the keysigning party. At the party I'll display the hashes I calculated when the keylist was generated -- they should match exactly with those that you've computed. This provides a strong assurance that the keylist you printed out is exactly the same as the official one and makes life considerably easier: rather than verifying the fingerprint on each key separately, you'd just need to verify (1) that your key's fingerprint on the list is correct, (2) the hashes of your copy of the list match the hashes I display at the keysigning party, and (3) each person on the list attests at the keysigning party that their fingerprint on the list is correct. Here's an example of what it looks like from my terminal (I'm using Linux, but it should look essentially the same for a Mac): pete@kaylee ~ $ curl "https://libo2014.keysigning.ch/files/ksp-libo2014.txt"; -o ksp-libo2014.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 10933 100 10933 0 0 58082 0 --:--:-- --:--:-- --:--:-- 79224 pete@kaylee ~ $ gpg --print-md SHA256 ksp-libo2014.txt ksp-libo2014.txt: EXAMPLE1 EXAMPLE1 EXAMPLE1 EXAMPLE1 EXAMPLE1 EXAMPLE1 EXAMPLE1 EXAMPLE1 pete@kaylee ~ $ gpg --print-md RIPEMD160 ksp-libo2014.txt ksp-libo2014.txt: EXAM PLE2 EXAM PLE2 EXAM PLE2 EXAM PLE2 EXAM PLE2 Hopefully that straightens things out a bit. If you have any other questions, let me know. Cheers! -Pete -- Pete Stephenson -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/conference/ All messages sent to this list will be publicly archived and cannot be deleted
