At the Precise Ubuntu Developer Summit in Orlando Florida, there will be an OpenPGP keysigning party in Grand Sierra E.
Thursday, 3rd of November, 2011 at 18:30.
What is/Why keysigning?
A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each other's keys. Keysigning parties serve to extend the web of trust (WoT) to a great degree. Keysigning parties also serve as great opportunities to discuss the political and social issues surrounding strong cryptography, individual liberties, individual sovereignty and even implementing encryption technologies or perhaps future work on free encryption software.
How the Keysigning Will Happen
The KSP will be conducted using Len Sassaman's Efficient Group Key Signing Method which is a protocol to do keysignings in a way that is faster than the way many people may be familiar with.
If you intend to participate, please send your ascii-armored public key to firstname.lastname@example.org by the end of the conference day on Wednesday, Nov 2nd, 2011. Attach the key (or keys) as a file (produced e.g. by the following command: gpg --armor --export your-key-id > your-email.asc), and name that file like your email address appended with ".asc" (multiple keys per file/armor are just fine). Preferably do not sign or encrypt your email.
- Your key will be processed manually by the KSP coordinator and if the submitted key is valid, a mail will be sent to you with your submitted keys and how they will be listed in the final list of participants. Please make a note of the number assigned to you. That will be your place in the line we'll form to check key fingerprints and IDs.
- On Thursday, Nov 3, 2011 you will be able to fetch both the complete keyring with all the keys that were submitted (ksp-precise.asc.bz2) along with a text file giving the fingerprint of each key on the ring (ksp-precise.txt). Both the keyring and text files will have corresponding files with their MD5 and SHA1 checksums. At the same web page, there will be a pdf version of the text file together with its corresponding MD5 and SHA1 checksum files. All the MD5 and SHA1 files will be signed with public key 0x3A15C5A8, which can be downloaded from subkeys.pgp.net. To verify the signature of the MD5 and SHA1 files, download Marc's key from subkeys.pgp.net, e.g.:
gpg --keyserver subkeys.pgp.net --recv-keys 0x3A15C5A8
- And then run gpg with the verify option (using ksp-precise.txt.md5.asc as an example):
gpg --verify ksp-precise.txt.md5.asc
- On your own system, verify that the fingerprint of your key in ksp-precise.txt is correct. Also compute the MD5 (SHA1) hash of ksp-precise.txt. One way to do this is with md5sum (sha1sum) invoked as follows:
md5sum ksp-precise.txt sha1sum ksp-precise.txt
- Alternatively, you can compute the MD5 (SHA1) hash as follows:
gpg --print-md md5 ksp-precise.txt gpg --print-md sha1 ksp-precise.txt
Retrieve a copy of the keysigning party printout from the conference desk Thursday after lunch, which includes the list of all participants in the party.
- Fill in the printout with the MD5 and SHA1 hash values computed on your local copy of the ksp-precise.txt file.
A reader will recite the MD5 and SHA1 hashes of ksp-precise.txt. Verify that both of the hashes recited matches what you computed. This provides a reasonable guarantee that all participants are working from the same list of keys. Keysigning participants must be present for the recitation of the hashes, or they will not be able to continue with the protocol below. According to the international radiotelephony spelling alphabet, the letters A, B, C, D, E and F will be read out as Alpha, Bravo, Charlie, Delta, Echo and Foxtrot, respectively.
- Next, the reader will ask if everybody has the same MD5 and SHA1 hash of ksp-precise.txt. If that is the case, sign each page of your hardcopy of ksp-precise.txt.
- The next step is to verify each participant's identity by checking preferably a passport or, alternatively, some other form of government-issued ID. Please don't show very old, doubtful or easy-to-fake documents as people will not sign your key if you do so.
- Find in ksp-precise.txt the number assigned to one of your submitted keys. The number is just above the line starting with 'pub'. Half of the "n" participants, numbered from 1 to n/2 will line up, ordered by number. The other half, from (n/2)+1 to n will line up so that person n/2 will face person (n/2)+1, (n/2)-1 will face person (n/2)+2, and so on. After every pair of people facing each other have checked their IDs, the first segment of the line will shift to the left one position. And so on, until each person has seen the rest of the people.
Later that evening, or perhaps when you get home, you can sign the keys in ksp-precise.txt which you were able to verify. It is suggested to use the caff program in the signing-party package for this. Please note that using caff requires a local Mail Transfer Agent (MTA) to be configured on your machine, or else the keys you sign will just be stuck on your own system. These articles may be helpful:
Setting up sSMTP as your local MTA: http://www.nixtutor.com/linux/send-mail-with-gmail-and-ssmtp/
Summary: What to bring with you
- A pen.
- The MD5 and SHA1 hash you made of ksp-precise.txt so that we can ensure we are all working with the same copy.
- Some form of government issued ID (passport or similar).
- If this is your first keysigning, a copy of this web page and linked documents might be useful.
If you have questions please ask Marc Cluet or send email to email@example.com.