[KnoxBUG-talk] july meeting - key signing party
N.J. Thomas
njt at ayvali.org
Thu Jul 14 18:11:01 EDT 2016
* Caleb Cooper <caleb at caleb-cooper.net> [2016-07-13 20:46:07-0400]:
> On 2016-07-13 19:00, Rodney D. Myers wrote:
> > I read up on the upcoming July meeting, and it mentions a "key
> > signing party" after the meeting.
> >
> > Other than having a pgp/gpg key what will be be required to bring?
>
> Just a device on which to run a PGP/GPG tool. I like OpenKeychain for
> Android.
I'm not sure how the one for KnoxBUG will be setup, but in general most
people recommend not bringing a computer/mobile device for PGP
keysigning parties. You generally want to identify people and their keys
from a preprinted list.
We had one at BSDCan this year:
https://www.bsdcan.org/2016/schedule/events/773.en.html
and while people were carrying their laptops/smartphones with them, we
didn't use it for the actual keysigning party.
Roughly, the whole process looks like this:
- before the party:
- generate a key (if you don't have one already), and upload it
to a keyserver
- send your name, keyid, and key fingerprint to the party organizers
- at the party:
- the party organizers pass out the preprinted list of names and
keyids and fingerprints
- you attend the party with some sort of photo ID
- everyone verifies their fingerprint is correct
- everyone gets in a conga line (think of everyone lining up,
facing each other, in a flattened circle)
- you meet every single person in the line and verify them
against their photo ID
- after the party:
- you go home, download the keys (from public keyservers) of the people you have verified
- sign their keys
- upload these signatures back up to the keyserver
That's pretty much it.
hth,
Thomas
More information about the KnoxBUG-talk
mailing list