Ten Steps for attending a keysigning party

7 September 2007

A key signing party can be an event of its own, or it might be at a user group meeting, or at a conference, or at a workplace. The idea is to increase the 'web of trust' and thus strengthen the system as a whole, as well as making your own key more trusted. Alex Willmer explains what you need to do to participate in a key signing party, using GNU Privacy Guard.

You can use either the command line gpg tool or a GUI front end such as seahorse. The command line approach goes as follows:

0. Generate a key

If you've not already done so, generate a key pair:

$ gpg --gen-key

1. Get your key ID

Find your public key, by typing this:

$ gpg --list-keys

This gives the results as below, the uid should match your name and chosen email address. Note the id, on the line labelled 'pub':

> /home/alex/.gnupg/pubring.gpg
-----------------------------
pub 1024D/5A6F95BE 2007-02-08
uid Alex Willmer <alex at moreati.org.uk>
sub 2048g/63329941 2007-02-08

2. Upload your key

Publish your public key to a keyserver, use the keyserver option:

$ gpg --keyserver ldap://keyserver.pgp.com --send-keys 5A6F95BE

Which should respond as follows:

> gpg: sending key 5A6F95BE to ldap server keyserver.pgp.com

3. Print your key fingerprint

Type the following, using the id from step 1.

$ gpg --fingerprint 5A6F95BE

The result is your keyfingerprint of your public key, as shown below.

> pub 1024D/5A6F95BE 2007-02-08
Key fingerprint = C9CD 3335 C138 7291 2022 F30D 2E51 C57B 5A6F 95BE
uid Alex Willmer <alex at moreati.org.uk>
sub 2048g/63329941 2007-02-08

Print your fingerprint onto paper, you should be able to get quite a few on a page, which you can then cut into slips. This also may be achieved with the command gpg-key2ps.

4. Go to the party!

Bring the slips and credentials that prove your identity to the key signing party. Normally parties require you to bring credentials that include a photo (e.g. your passport or drivers licence).

5. Give out slips

Give a fingerprint slip to anybody you wish to sign your key, and allow them to verify your identity using your credentials.

6. Take slips

Verify in person, the identity of anybody you accept a slip from. Ensure the slip has a uid matching their name.

Note that it is anti-social to take slips and just throw them away or forget about them. If you take a slip from someone then it is polite to actually use it by doing steps 7+8.

7. Verify the key fingerprints of your acquaintances

Once home, using the id from each slip, download and verify the fingerprint of each person's key:

$ gpg --keyserver ldap://keyserver.pgp.com --recv-keys [key_id]

$ gpg --fingerprint [key_id]

8. Upload your acquaintances' keys

Sign each of the verified keys, upload them to a keyserver:

$ gpg --sign-key [key_id]

$ gpg --keyserver ldap://keyserver.pgp.com --send-key [key_id]

9. Use GPG!

You can now sign emails and anybody who signed your key can verify that email was sent by you and has not been modified. Additionally, you can encrypt anything you send to a person whose key you have signed.

10. Advanced usage

There are optional, additional steps such as encrypting a signed key and sending it to the listed uid. By receiving the signed key and decrypting it, they prove access to the email address and control of the private key.

More Information

1 Alex Willmer says...

Hi Zeth,

Thankyou for putting the guide up and doing a cleanup. Just one quibble: my key 1024D/5A6F95BE goes with the email address <alex@moreati.org.uk>. I'm not sure what alex at commandline.org.uk is.

Feel free to include my address as is, I try to avoid armouring. I quite like Seahorse, the default Gnome keyring manager myself, which can do all of the above. I'm more of a command line tourist.

Regards, Alex

PS I realise it's bad form not to sign this comment. Sorry.

Posted at 12:50 p.m. on September 24, 2007

2 Mr Stuff says...

It seems I can't convince a single person to use GPG for anything at all! Whenever I recommend it to someone and offer to help them through it step by step, these otherwise intelligent people just turn into morons! It's such a shame. GPG is very fit for purpose and EASY TO USE.

Posted at 7 p.m. on December 16, 2007

3 Bill says...

I'm with Mr Stuff on this one. Yeah, GPG is the perfect fix for what ails ya, but all I get when I suggest using it are glassy-eyed stares. Prolly because most people are still using some form of Windows.

Waaay too naive.

Posted at 3:44 a.m. on October 8, 2008

4 Michael Schuld says...

GPG installs fine in Windows :p We use it for things around my office envrironment, but I guess that is just because we are all a bit geeky ;)

Posted at 4:07 a.m. on October 8, 2008

What do you have to say?

Show Editing Help

About

Hello, my name is Zeth, I'll be your host here.

Command Line Warriors is about taking control of your own technology, it looks at our experiences of computing; especially using GNU/Linux, the Python programming language, the command-line and issues such as techno-ethics, best practices and whatever is cool now. If you take control of your technology then you are a Warrior too!

This site is your site too which means that you can contribute and get involved. You can leave comments using the facility provided. For me, the comments and discussions are by far the best part of the site. So please do have your say!

Latest Discussions

Cupcake

July 31, 2010
Good post! You helped me a lot with my school project! CountryField(blank = True) < (K)
→ Countries in Django

LeshaShampoo

July 30, 2010
it was very interesting to read commandline.org.uk I want to quote your post in my blog. It can? And you et an account on Twitter?
→ Email Syntax Check in Python

vemma2018

July 30, 2010
I find myself coming to your blog more and more often to the point where my visits are almost daily now!
→ On Comment Spam

layecenda

July 30, 2010
Hello. And Bye.test :) http://idfjhvihdfiphvlajbvhalibv.com
→ PuTTY Series: Adding PuTTY to your system path

scuba

July 30, 2010
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
→ On Comment Spam

Businesking

July 30, 2010
Great site and articles for hack for win, I said Amazing post
→ How not to program WSGI

Tehnoking

July 30, 2010
This is Great post to learn about the hack Thumbs-up for you :D
→ How not to program WSGI

Syabiltech

July 30, 2010
I think this articles for master...because very hard to learning, As blogger beginners like me.
→ How not to program WSGI

coffeeatea

July 30, 2010
Are you looking for coffee gifts? We can tell you more about the coffee gifts including coffee machines and coffee pods.
→ Introducing Soturi - yet another Django blog application

noni juice

July 30, 2010
I just sent this post to a bunch of my friends as I agree with most of what you’re saying here and the way you’ve presented it is awesome.
→ On Comment Spam

Dion Moult

July 29, 2010
What I do know is that ever since I tried out Opera and put their tab bar on the left as a column, I've loved that layout. Back on Firefox ...
→ We need a thoughout integration of the desktop and the web - not Tab Candy superfast jellyfish

ZonaEntertainment

July 29, 2010
Wow useful articles, I'm read to learn about this and now I bookmark this to my Facebook, thanks for share!
→ How not to program WSGI

Giacomo

July 29, 2010
Honestly, I think both Mozilla and you are wrong :) This sort of concept adds overhead. A user would have to manage all this crap, constantly dragging and dropping, creating ...
→ We need a thoughout integration of the desktop and the web - not Tab Candy superfast jellyfish

Matija "hook" Šuklje

July 29, 2010
As a minimalist, you'll probybly moan if I mention KDE, but I'll do so anyway ;) The future I want (and actually see slowly fold out before me) is to ...
→ We need a thoughout integration of the desktop and the web - not Tab Candy superfast jellyfish

tahitian noni

July 28, 2010
Thank You For This Blog, was added to my bookmarks.
→ On Comment Spam

Rick

July 28, 2010
I already have piles. It's called A New Window.
→ We need a thoughout integration of the desktop and the web - not Tab Candy superfast jellyfish

Tech News

July 25, 2010
Thanks for this short tutorial...was auto-FTPing my files from my appserver to webserver for my tech news website. Everything was OK until someone hacked it. Hosting provider is now recommending ...
→ SFTP in Python: Really Simple SSH

naypalm

July 24, 2010
During the past 3-4 years, I and many others have enjoyed unlimited 2G/3G internet. But ever since the massive cult-like following of i Phone users in the US, most cellular ...
→ Calling time on mobile internet nonsense?

Steve

July 15, 2010
Very occasionally, you will run into a Java program that uses a lot of memory just to hold all the classes used. It turns out that the JVM uses a ...
→ Three classic command line tips

no

July 14, 2010
1. number one 2. number two 4. number four 3. number three 6. number six # first # second ## second-ay ## second-bee ### second-bee-one ### second-bee-two
→ An Introduction to ReStructuredText

COMMAND LINE WARRIORS

Taking Control of your Own Technology