What?
Bond University's IT School hosts the next Gold Coast Barcamp, and we'll use the opportunity to run a small keysigning event: strong crypto is great and strengthening the Web of Trust always helps.
Uhh, what's a keysigning party anyway?
A keysigning party is a get-together with PGP/GPG users for the purpose of meeting other crypto users and signing each other's keys. This helps to extend the "Web of Trust" to a great degree. Also, it sometimes serves as a forum to discuss strong cryptography and related issues.
If you're new to GPG, please check the links to extra documentation near the bottom of this page and check out the slides for my last brief talk on GPG.
Where and when?
Bond University, Living Lab (which is in Building 3a - this page describes how to get to Bond, and this map shows the buildings).
The Barcamp is held on Sat, 10 September 2011. We'll do the id verification/keysigning part during the afternoon break at 14:20.
Even if you can't attend the Barcamp, feel free to drop by just for the keysigning. Anybody with a GPG key who wants to exchange signatures with some other people is welcome.
What do I need to do?
- Generate a key for yourself if you aren't a GPG user already.
- Submit your public key to me. Please submit keys only in ascii-armoured format.
  Unix systems:
  gpg --armor --export yourkeyid
  GPG4Win users need to select something.asc when exporting their key.
- Print out the fingerprint of your own key and bring it with you, or store the fingerprint on some smart toy of yours and bring that.
- Pack some official photo ID, ideally a passport, driver's licence etc. Ideally, bring two different forms of ID.
- Come to the keysigning event! (Duh.)
- I'll print a list with everyone's key ID/type/size and fingerprint, and distribute copies at the meeting.
- At the meeting each key owner reads his key ID, key type, fingerprint, key size, and user ID from his own printout or gadget, not from the distributed list. This is because there could be an error, intended or not, on the listing. This is also the time to tell which IDs you want signed (some people are picky about that; when in doubt sign all). If the key information matches your printout then place a check-mark by the key.
- When the Recital of Cryptic Numbers has bored everybody properly, we'll have some fun comparing mug shots and faces. Depending on how many people we'll be (and whether I can find an overhead projector), we may either show the photo ID on screen (with the recital) or do the classic "walk the gauntlet" check: all attendees form a line. The first person walks down the line having every person check his ID. The second person follows immediately behind the first person and so on. If you are satisfied that the person is who they say they are, and that the key on the printout is theirs, you place another check-mark next to their key on your printout.
- After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP/GPG and privacy (or anything else) with fellow paranoiacs. If everyone is punctual the formal part should take at most a minute per attendee.
- Import the keys of the attendees into your keyring. You can get a keyring containing all attendees' keys from here, but most people have their keys published on the keyservers as well.
- Check the key and its fingerprint as on your keyring and the marks you made on the paper list, then sign the respective keys.
- Export and email the signed keys to the respective owners of the keys. Some people prefer not to have their keys sent to public keyservers, so it's the safer choice to email the key directly to the owner.
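The last three steps above (import, check against your marks, sign and export), as an added example that is not part of the original page. It assumes you typed the fingerprints you check-marked into a text file, one per line; the function names, file names and sample keys are made up for illustration.

```shell
#!/bin/sh
# Added example, not the organiser's script. File names are assumptions.

# Reads a `gpg --with-colons` listing on stdin and prints the primary-key
# fingerprints that also appear in $1 (the fingerprints you check-marked,
# one per line). Spaces and letter case are ignored.
verified_fprs() {
    awk -F: '
        FILENAME == ARGV[1] {               # first input: your typed-up marks
            f = toupper($0); gsub(/[ \t]/, "", f)
            if (f != "") ok[f] = 1
            next
        }
        $1 == "pub" { primary = 1; next }   # the next fpr is a primary key
        $1 == "sub" { primary = 0; next }   # the next fpr is a subkey: skip it
        $1 == "fpr" && primary {
            primary = 0
            k = toupper($10)
            if (k in ok) print k
        }' "$1" -
}

# Import, compare with your marks, sign, export one file per owner.
after_party() {     # $1 = attendee keyring file, $2 = check-marked list
    gpg --import "$1" || return 1
    # a for loop (not a pipe into while) leaves stdin free for gpg prompts
    for fpr in $(gpg --with-colons --fingerprint | verified_fprs "$2"); do
        gpg --sign-key "$fpr" || continue   # interactive, asks to confirm
        gpg --armor --export "$fpr" > "$fpr.signed.asc"  # mail to the owner
    done
}

# Constructed sample, not real keys: Alice (marked), her subkey, Bob (unmarked).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'aaaa bbbb cccc dddd eeee  ffff 0000 1111 2222 3333' \
        > "$dir/checked.txt"
    printf '%s\n' \
        'pub:-:2048:1:0000111122223333:1315000000:::-:::scESC:' \
        'fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:' \
        'uid:-::::1315000000::::Alice Example <alice@example.org>:' \
        'sub:-:2048:1:1111111111111111:1315000000::::::e:' \
        'fpr:::::::::1111111111111111111111111111111111111111:' \
        'pub:-:2048:1:5555555555555555:1315000000:::-:::scESC:' \
        'fpr:::::::::5555555555555555555555555555555555555555:' \
        | verified_fprs "$dir/checked.txt"
    rm -rf "$dir"
}
```

Only keys whose full fingerprint matches a mark you made at the meeting reach the signing step; everything else in the imported keyring is left unsigned.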
Documentation
Here are some links to extra documentation about PGP/GPG and the web of trust:
- Wikipedia: Keysigning Party and Web of Trust
- The GNU Privacy Handbook: a general GPG guide
- GPG Homepage: documentation, packages, links to related software
- GPG 4 Win: the official GPG implementation for Windows systems
- Keysigning Parties: a brief introduction of the mechanics.
- Keysigning Party HOWTO: very extensive.