Difference between revisions of "User:Midnightcomm/key signing party"

From FDLLUG
(What to Bring)
(Generate Key)
Line 19: Line 19:
  
 
=== Generate Key ===
 
=== Generate Key ===
If you don't already have a GPG key one must be generated.
+
If you don't already have a GPG key, one must be generated.
  
 
  '''gpg --gen-key'''
 
  '''gpg --gen-key'''
Line 32: Line 32:
  
 
After confirming everything GnuPG will ask for a password. Now, GnuPG will generate a new key for you. Move your mouse around as GnuPG needs random data to work with. It's usually a good idea to produce a [http://www.gnupg.org/gph/en/manual/c14.html#REVOCATION revocation certificate] after making your new key.
 
After confirming everything GnuPG will ask for a password. Now, GnuPG will generate a new key for you. Move your mouse around as GnuPG needs random data to work with. It's usually a good idea to produce a [http://www.gnupg.org/gph/en/manual/c14.html#REVOCATION revocation certificate] after making your new key.
 
  
 
=== Print key Fingerprint ===
 
=== Print key Fingerprint ===

Revision as of 16:00, 28 June 2007

A key signing party is an event where people present their PGP-compatible keys to others in person. An individual's key is then digitally signed by the other attendees, but only if they are confident that the key actually belongs to the person who claims ownership. This is usually done by comparing the individual's public key fingerprint and checking photo ID (such as a driver's license or passport).

What to Bring

  • Pencil or Pen
  • Printed copy of your key ID, key type, key fingerprint, and key size.
  • Clipboard (optional).

Please do not bring a computer to the party. Why?

Before the Party

Install the GNU Privacy Guard

GPG is a free replacement for PGP, and is included with nearly all Linux distributions. To verify that you have GnuPG installed, open a terminal window and type:

which gpg

If you get which: no gpg in ... then you need to install it.


Generate Key

If you don't already have a GPG key, one must be generated.

gpg --gen-key

For the first three questions just press Enter.

You will be asked for:

  • your real name
  • email address
  • a comment (optional)


After you confirm everything, GnuPG will ask for a password and then generate a new key for you. Move your mouse around while it works, as GnuPG needs random data to work with. It's usually a good idea to produce a revocation certificate after making your new key.

Print key Fingerprint

gpg --fingerprint example@localhost

Replace example@localhost with the email address you gave GnuPG earlier. If it looks okay, print the output and bring it with you on July 11, 2007.

gpg --fingerprint example@localhost | lpr -o landscape

Example Output

pub   1024D/7A63CF54 2007-06-28
      Key fingerprint = 3553 89D7 8959 5663 41C9  4273 EB4D 7D03 7A63 CF54
uid                  Test User <example@localhost>
sub   2048g/0CCBEF4B 2007-06-28


Email public key to coordinator

I will be announcing the key signing party on the mailing list.

Email me your public key (public.key) as an attachment. Type the following into a terminal window, replacing example@localhost with your email address.

gpg --armor --output public.key --export example@localhost


During the Party

Each person will receive a paper sheet listing each participant's key fingerprint, name, and email address.

When your turn comes:

  • State your name
  • Say your key ID (an eight-digit hexadecimal number).
  • Read your key fingerprint that you printed at home.

Everyone else will indicate on their sheet that the fingerprints match. You will then walk past everyone else showing photo identification (such as a driver's license or passport). If the other members are individually convinced that you are the correct person, they will indicate on their paper sheet that you have passed their ID check.

Return to the line and continue participating.

After the Party

FIXME: This section will be expanded after the coordinator has received everyone's public keys.

Download people's keys from the key server subkeys.pgp.net.

gpg --recv-key 7A63CF54 ...


Sign Keys

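Verify that the key fingerprint matches the one on your sheet. Compare the full fingerprint, not just the eight-digit key ID, because different keys can share the same short ID.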

Sign the key:

gpg --sign-key 7A63CF54

Repeat the last command with each user's key ID.
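
The fingerprint check in this step can be scripted. The following is an added example, not part of the original wiki page: it reads GnuPG's machine-readable listing and succeeds only when exactly one primary key is present and its full fingerprint equals the one on your sheet. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a fetched key's full fingerprint with the party sheet.

# Strip whitespace and uppercase, so "3553 89d7 ..." and "355389D7..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# check_key SHEET_FPR < colon-listing
# Returns 0 only when the listing contains exactly one primary key and its
# fingerprint (field 10 of the first "fpr" record) equals the sheet's.
check_key() {
    sheet=$(normalize_fpr "$1")
    listing=$(cat)
    if ! printf '%s\n' "$sheet" | grep -Eq '^[0-9A-F]{40}$'; then
        echo "sheet fingerprint is not 40 hex digits" >&2; return 2
    fi
    # A short key ID can match more than one key; refuse if that happened.
    pubs=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    if [ "$pubs" -ne 1 ]; then
        echo "expected 1 primary key, found $pubs: do not sign" >&2; return 3
    fi
    got=$(printf '%s\n' "$listing" | awk -F: '$1 == "fpr" { print $10; exit }')
    if [ "$got" = "$sheet" ]; then
        echo "match: $got"; return 0
    fi
    echo "MISMATCH: sheet=$sheet key=$got: do not sign" >&2; return 1
}

# Constructed sample listing for the page's example key (timestamps and the
# subkey's long ID and fingerprint are made up for illustration).
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:EB4D7D037A63CF54:1182988800:::-:::scESC:
fpr:::::::::355389D78959566341C94273EB4D7D037A63CF54:
uid:-::::1182988800::::Test User <example@localhost>:
sub:-:2048:16:000000000CCBEF4B:1182988800::::::e:
fpr:::::::::000000000000000000000000000000000CCBEF4B:
EOF
}

# Real use, after gpg --recv-key, with SHEET_FPR copied from your paper sheet:
#   gpg --with-colons --fingerprint 7A63CF54 | check_key "$SHEET_FPR"
if sample_listing | check_key "3553 89D7 8959 5663 41C9  4273 EB4D 7D03 7A63 CF54"; then
    echo "safe to run: gpg --sign-key 7A63CF54"
fi
```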


Send and Sync

Send the newly signed keys to the public key server:

gpg --send-keys 7A63CF54 ...

After about a week, refresh your GnuPG keyring to see everyone else's signatures.

gpg --refresh-keys
