PGP Keysigning

From Chaos Communication Camp 2007

Last minute

A PGP signing party took place on Saturday at noon near the rocket at The Camp.

Thanks to all the privacy-aware who came there.

Don't forget to sign the keys whose fingerprints you checked once you are back home. On Debian or Ubuntu you can use the signing-party package and its caff tool.

See you next time guys.


What and why?

I think it would be great fun to make a large-scale PGP keysigning with about 1000 people. :-)

The basic idea of this page is to organize a big PGP key signing party at this year's camp.

The main intention of a keysigning is to improve your personal web of trust. When you create a PGP key, nobody knows whether it really belongs to you. (You can create keys for any name you want.) Therefore people meet at keysignings and compare the data on a person's key with their passport or other official documents. If they believe that key and person belong together, they will sign the key.

This improves the trust level of your key, and you'll also get to know some interesting people.


What can I do to take part?

You should follow these steps:

  1. Create your key, if you have not already done so. If you'd like to know how to do that, take a look at the GPG-Mini-Howto.
  2. Upload your public key to one of the usual keyservers:
    • subkeys.pgp.net
    • random.sks.keyserver.penguin.de
  3. Put your key ID in the list on this page
  4. Download the compiled list of all participants.
  5. Check your key(s) on the list.
  6. Calculate the MD5 or SHA1 hash of the list and enter these values into the corresponding field.
  7. Take the list and your passport to the camp and enjoy the keysigning :-)

How does the whole thing work?

We will meet at a time that is yet to be worked out and compare the MD5/SHA1 values that everyone has calculated on their own. If these values are all equal, everyone has the same version of the list. After that we form a long line and everyone checks the fingerprint and passport of the person opposite them.

When you are back home and have recovered from the strain, sign all keys that you believe to be valid.
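
The list-hash comparison and fingerprint check described above, as an added Python example (not part of the original wiki page): it hashes the list bytes exactly as downloaded, shows that a line-ending change alone yields different digests, and checks that a fingerprint on a paper slip ends in the key ID from the list. The sample list, names, key IDs and fingerprint are constructed, and the helper function names are hypothetical.

```python
import hashlib
import string

def list_digests(data: bytes) -> dict:
    """Digests of the participant list, computed over the exact bytes downloaded."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256")}

def read_aloud(hex_digest: str, group: int = 4) -> str:
    """Split a digest into short groups so it can be compared out loud."""
    return " ".join(hex_digest[i:i + group]
                    for i in range(0, len(hex_digest), group))

def normalize(hex_text: str) -> str:
    """Strip an optional 0x prefix, spaces and colons; return upper-case hex."""
    cleaned = hex_text.strip().replace(" ", "").replace(":", "").upper()
    return cleaned[2:] if cleaned.startswith("0X") else cleaned

def keyid_matches_fingerprint(key_id: str, fingerprint: str) -> bool:
    """For a v4 OpenPGP key the key ID is the low-order 64 bits of the
    160-bit fingerprint (short form: low 32 bits), i.e. a suffix of it.
    The ID only locates the key; the full fingerprint is what gets checked."""
    kid, fpr = normalize(key_id), normalize(fingerprint)
    if len(fpr) != 40 or len(kid) not in (8, 16):
        return False
    if not all(c in string.hexdigits for c in kid + fpr):
        return False
    return fpr.endswith(kid)

# Constructed sample list (not the real participant list from this page).
SAMPLE_LF = b"1. Alice Example 0xDEADBEEF\n2. Bob Example 0x0BADCAFE\n"
# Same text after a tool rewrote the line endings: visually identical.
SAMPLE_CRLF = SAMPLE_LF.replace(b"\n", b"\r\n")
# Constructed fingerprint as it might appear on a paper slip.
SAMPLE_FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF DEAD BEEF"

if __name__ == "__main__":
    for label, data in (("LF", SAMPLE_LF), ("CRLF", SAMPLE_CRLF)):
        for name, digest in list_digests(data).items():
            print(f"{label:4} {name:6} {read_aloud(digest)}")
    print(keyid_matches_fingerprint("0xDEADBEEF", SAMPLE_FPR))  # slip matches list
    print(keyid_matches_fingerprint("0x0BADCAFE", SAMPLE_FPR))  # wrong slip
```

If two participants get different digests, compare how the file was saved before suspecting the list itself: the hash covers bytes, not the text as displayed.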

Biglumber way of Keysigning

Please add your key to the Biglumber Keyring. Then, instead of using the list above, one can simply download the whole keyring in one go, make a SHA256 hash over it, and presto. Verification of the keyring is the same, that is, manual; passport/trust checking also happens in the same way.

Formal signing party

A formal signing party will take place on Saturday 11th, at 12:00 (at noon).

Let's meet together at the camp spaceship (in front of the art & beauty bunker, number 4 in the plan).

If you don't have printed copies of your fingerprint (e.g. when you only have it on your laptop), call 6128, we will try to find a solution ;)

Let's meet there ...

Who takes part?

  1. Sebastian Krohn 0x82268497
  2. Sebastian Roth 0x6e2b43dc
  3. Uwe Hölzel 0xc817ffb9
  4. Jure Koren 0x6ba1ac22
  5. Jeroen Dekkers 0xac1e715e
  6. Alexandre Girard 0x3bf820b3
  7. Jeroen Massar 0x333e7c23
  8. Benjamin Sonntag 0x9F1ACE9C
  9. Fabrizio Tarizzo 0xF1E8E6E4 DECT: 6161 - Jabber: bluviolin@jabber.ccc.de - c/o Italian Village
  10. Norman Zimmer 0x1842A431
  11. Max Holzapfel 0xD0458313
  12. Antti Vähä-Sipilä 0x3DE9A7CA
  13. Philip Paeps 0xC5D34D05
  14. Dirk Zarth 0x574A8BBC
  15. Matthias Brettschneider 0x06CC7C7D
  16. Sandro Kehrlein 0xC47C104D
  17. Leon Weber 0x8E04D7FC
  18. Mikael Voss 0x60995F53
  19. Attilla de Groot 0xC8AA0121
  20. Till Steinbach 0xC80A6B16
  21. Robert Schuppenies 0xB8064E5E
  22. Fabian Everding 0x255311368172c888
  23. Lars Solberg 0xF9AE348F
  24. Tobias Guth 0x2AD00547
  25. Birger Brunswiek 0x754C0760
  26. Nicolas Vigier 0x2C8C3C11 0x87C3812B
  27. Thomas Kaschwig 0x3D68D63A
  28. Tobias Kirschstein 0xD6DED000
  29. david vernazobres D22D9C7F (DECT:2832)

Individual signings

As discussed on the Talk page of this article, some people are not in favor of large PGP keysigning events. You can of course also try to grab a beer with those people, get to know them first and then ask them to sign your key. Some people prefer this, as PGP signings are done on a basis of trust: do you trust a passport and the issuer of that passport more, or do you trust the actual person?

Key words

gpg, gunpg, pgp