Key Signing

The Public/Private Key Systems in My Life

• CAcert for my Client-Side SSL Certificate which as of 4/2009 I mainly use with certifi.ca for OpenID authentication.
• GnuPG and Enigmail for http://biglumber.com/x/web?sn=Danny+Clark (link to https keyring on fsf.org) TODO
• OpenSSH TODO
• OpenVPN TODO

Misc

• PGP pathfinder & key statistics (dclark@pobox.com)
• q-agent - quintuple-agent stores your secrets in a secure manner.

Key Signing Coordination

• Biglumber - key signing coordination (for PGP/GnuPG) (dclark@pobox.com)
• CAcert has forms you can see from your account screen.

Bulk Key Signing

• After the signing party and Later after the signing-party
• keyfoo - do something with a key, and e-mail it to its owner
• GPG public key signing post-party automation with KMail

Bulk Key Signing GUI

All of these solutions seem to be suboptimal w.r.t. remembering how the hell to do them, or getting anyone even vaguely non-technical to participate in the GnuPG web of trust. Writing an easy-to-use GUI for bulk key signing seems like low-hanging fruit to me. Here are some notes from research for such a system that could also be a code.autonomo.us project:

• Pyjamas-Desktop
• PyXPCOMext provides Python Mozilla bindings that enables Python to be used inside of Mozilla applications. The Python bindings are wrapped up in an extension (XPI file) so that users can easily install PythonExt just like any other Mozilla/Firefox extension. The Python bindings are a combination of PyXPCOM and PyDOM.
• HTML 5 Offline Web applications
• Get ready for Firefox 3.0
• Firefox 3 Offline web application support
• Pyjamas embeded server

In-Browser Javascript Server

The Plain Old Webserver uses Server-side Javascript (SJS) to run a server inside your browser. Use it to distribute files from your browser. It supports Server-side JS, GET, POST, uploads, Cookies, SQLite and AJAX. It has security features to password-protect your site. Users have created a wiki, chat room and search engine using SJS.

POW and SJS allow the browser to listen for connections, save to a database and open files on the local file system.

• https://addons.mozilla.org/en-US/firefox/addon/3002
• http://davidkellogg.com/wiki/Main_Page
• http://groups.google.com/group/firefoxpow

Bulk Key Signing Data Entry Automation

Also really annoying is typing in long, meaningless strings - I know that in theory this is solved for well-managed keysignings, but I don't think I've ever been to one of those, and I'd think you would still have to at least do a eyeball diff, which would also be annoying. So we need a quick way of exchanging information in person that is later easily computer-readable. 2D Barcodes would seem to fulfill that requirement; I'm planning on getting one printed on the back of my next set of business cards. They have the added advantage that they are optimized so bad photos of them should work as well. QR Code looks like the way to go. The capacity of QR Code is up to 7000 digits or 4000 characters, and is highly robust.

• QR Code is an open format
• Semapedia's goal is to connect the virtual and physical world by bringing the right information from the internet to the relevant place in physical space.
• Barcode Writer in Pure Postscript
• libqrencode - a C library for encoding data in a QR Code symbol.