Membership of OpenSkills requires that you have an OpenPGP digital key, and that your key:
While keys can be used for all kinds of sophisticated things, basic use is quite easy. For an excellent introduction to OpenPGP, see the Wikipedia entries for The Gnu Privacy Guard (GPG) and Pretty Good Privacy (PGP).
- has your registered email address as a UID
- can be used to encrypt using your public key
- has been signed by at least two other members
If you were to draw a picture with a box for the key of each OpenSkills member, and a line for each signature (the line goes from the box of the signing key to the signed key), you would have a picture of the OpenSkills Identity Matrix.
To make an OpenPGP key for yourself, here is what you need to do:
When your key has been signed and uploaded to a public key server, you can have a look at how many steps you are away from other people in the OpenPGP web of trust. For example, by using the watsap program as hosted by Jörgen Cederlöf.
- Obtain the software to manage OpenPGP keys.
- Create a key of your own.
- Backup your new key (very important!).
- Publish the key so that others can see it.
- Get your key signed by at least two other members.
Once you have your OpenPGP key, you can sign the keys of others and certify that they are who they say they are. This is not to be taken lightly, as the integrity of the identity matrix relies on diligence when signing the keys of others.
Digital keys can be used for much more than just signing other keys. With your key, you can sign email and documents in a way that proves you did sign it. You can encrypt information that can only be unlocked by a specific key - either your key, or the key of another person.
When you make a digital key, you record your name, email address and a comment. Together these pieces of information are called a uid. If you have many email addresses, you may want to have a uid for each. Also, you may change an email address and wish to cancel an old uid.
Links to further reading