Keysigning party/After the party

From 33C3_Public_Wiki
Jump to: navigation, search

Some after-parties are more glorious than others.

Take your stack of keyslips. You will need to verify the fingerprint on each one. I use CA - Fire and Forget, caff, to streamline the process. Invoke caff with a list of the key ID's of all the people. For instance, my key ID is the "rsa2048/DE500B3E" bit on my key slip; just use the DE500B3E part. It's actually the last few digits of the fingerprint. It might be necessary to first fetch the key from the place indicated on the keyslip. If there isn't any indication on the keyslip, it should be on the keyserver network, and caff will get it for you instead.

For every key that you wish to sign, I suggest you hold it just below the line on your monitor that has the fingerprint of the key. That way, the digits to compare are close to eachother and it is easier to do. You'll have a lot of digits to compare, 40 per keyslip! And you need to verify each digit individually.

For every key that caff presents to you caff can send the signatures to the e-mail addresses listed in the UID's. This serves two purposes. On the one hand, the recipient can decide themselves whether to publish your signature or not. On the other hand, it provides a basic level of verification that the e-mail address in the UID actually belongs to that person, because they need to be able to receive your mail to publish your signature to the world. Since caff also encrypts the mail, they also need the private key to decrypt it.

(This text is copyright 2016 Peter Lebbing under the CC-BY-SA 3.0 licence)

Retrieved from "https://events.ccc.de/congress/2016/wiki/index.php?title=Session:Keysigning_party/After_the_party&oldid=9079"