Keysigning Party @ Debconf 3
At Debconf 3 there was of course also an OpenPGP (pgp/gpg) keysigning party.
What is/Why keysigning?
Please read section One of the GnuPG Keysigning Party HOWTO (note: we are doing the party slightly different, so the other chapters do not 100% apply).
The Party was conducted using Len Sassaman's Efficient Group Key Signing Method:
- The deadline for sending your ASCII armoured public key has passed. If you haven't submitted your key yet, it's too late.
- You can fetch both the
complete keyring with all the keys that were submitted along with a
text file (
ksp-dc3.txt) giving the fingerprint of each key on the ring.
- At home, verify that the fingerprint of your key in
ksp-dc3.txtis correct. Also compute the MD5 hash of
ksp-dc3.txt. One way to do this is with md5sum invoked as follows:
% md5sum ksp-dc3.txt
% gpg --print-md md5 ksp-dc3.txt
Just to be sure that you have no problems with the download, here is the MD5 hash as we have calculated it:
MD5 = 4A DA 4F 5D C8 E8 F4 .. .. .. .. .. .. .. .. ..
- At Debconf, people were supposed to come with the hash you computed and a hardcopy
- A reader at the front of the room recited the MD5 hash
ksp-dc3.txt. People had to verify that the hash recited matched what one computed. This guarantees that all participants were working from the same list of keys.
- In turn, each participant stood up and acknowledged that the fingerprint of his or her key listed was correct. People marked the key verified on your hardcopy. Since we already ensured that everybody has the same copy a simple statement yes, this information is correct is sufficient.
- The next step was to verify each participant's identity by checking her passport or similar form of ID.
- Later that evening, or perhaps when you get home, you can sign the keys which you were able to verify on the hardcopy. After you signed a key send it to its owner together with your signature.
ksp-dc3.txt- List of participants
ksp-dc3.asc- participating keys
Summary: What to you should have brought with you
- A printout of
ksp-dc3.txt; check that your fingerprint is correct.
- The MD5 Hash you made of
ksp-dc3.txtso that we can ensure we are all working with the same copy.
- Some form of government issued ID (passport or similar).
If you have any questions please ask Peter Palfrader <firstname.lastname@example.org>.Peter Palfrader <email@example.com>