Debconf6 Keysigning Party | ||
As part of the 7th Debian Conference in Oaxtepec, Mexico, there will be an OpenPGP (pgp/gpg) keysigning party (KSP).
Friday, 19th of May, 2006 at 18:00.
A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each others keys. Keysigning parties serve to extend the web of trust (WoT) to a great degree. Keysigning parties also serve as great opportunities to discuss the political and social issues surrounding strong cryptography, individual liberties, individual sovereignty and even implementing encryption technologies or perhaps future work on free encryption software.
Matthew Wilcox maintains the debconf6 keysigning analysis web page. if you click on the key ID you get a report telling you all sorts of cool stuff including the people who are the furthest away from you. Trading sigs with those people helps the MSD the most (I'm nore sure if it helps the WoT the most, but I think so). This paragraph was contributed by Matt Taggart.
Please read section One of the GnuPG Keysigning Party HOWTO (note: we are doing the party slightly different, so the other chapters do not 100% apply).
The KSP will be conducted using Len Sassaman's Efficient Group Key Signing Method which is a protocol to do keysignings in a way that is faster than the way many people may be familiar with. Last KSP at Debconf5 was the world biggest ever.
The deadline has now passed. If you haven't submitted your key yet, it's too late to get your key on the primary list. It's not, however, too late to participate altogether. Please find Anibal Monsalve Salazar at Debconf not later than Thursday, 18th of May, 2006 and we can work out a way for you to participate.
If you intend to participate please send your ascii armored public key to ksp-dc6@v7w.com by Saturday, 6th of May, 2006. Attach the key (or keys) as a file, and name that file like your email address appended with ".asc" (multiple keys per file/armor are just fine). Preferably do not sign or encrypt your email.
Your key will be processed manually by the KSP coordinator and if the submitted key is valid, it will be listed at names and a mail will be sent to you with your submitted keys and how they will be listed in the final list of participants. Please make a note of the number assigned to you. That will be your place in the line we'll form to check key fingerprints and IDs.
On Monday, 8th of May, 2006 you will be able to fetch both the complete keyring (ksp-dc6.asc.bz2) with all the keys that were submitted along with a text file (ksp-dc6.txt) giving the fingerprint of each key on the ring.
At http://debconf6.debconf.org/ksp/, or alternatively at http://people.debian.org/~anibal/ksp-dc6/ both the keyring and text files will have corresponding files with their MD5 and SHA1 checksums. At the same web page, there will be a postcript version of the text file together with its corresponding MD5 and SHA1 checksum files. All the MD5 and SHA1 files will be signed with public key 0x1880283c, which can be downloaded from keyring.debian.org or db.debian.org.
To verify the signuture of the MD5 and SHA1 files, download anibal's key from db.debian.org, e.g.:
finger anibal/key@db.debian.org | gpg --import
And then run gpg with the verify option (using ksp-dc6.txt.md5.asc as an example):
gpg --verify ksp-dc6.txt.md5.asc
At home, verify that the fingerprint of your key in ksp-dc6.txt is correct. Also compute the MD5 (SHA1) hash of ksp-dc6.txt. One way to do this is with md5sum (sha1sum) invoked as follows:
md5sum ksp-dc6.txt
sha1sum ksp-dc6.txt
Alternatively, you can compute the MD5 (SHA1) hash as follows:
gpg --print-md md5 ksp-dc6.txt
gpg --print-md sha1 ksp-dc6.txt
At Debconf, come with the hash you computed and a hardcopy of ksp-dc6.txt.
A reader will recite the MD5 and SHA1 hashes of ksp-dc6.txt. See photo. Verify that one of the hashes recited matches what you computed. This guarantees that all participants are working from the same list of keys.
According to the international radiotelephony spelling alphabet, the letters A, B, C, D, E and F will be read out as Alpha, Bravo, Charlie, Delta, Echo and Foxtrot, respectively.
Next, the reader will ask if everybody has the same MD5 (or SHA1) hash of ksp-dc6.txt. If that is the case, sign each page of your hardcopy of ksp-dc6.txt.
The next step is to verify each participant's identity by checking preferably a passport or, alternatively, some other form of government issued ID. Please don't show very old, doubtful or easy-to-fake documents as people will not sign your key if you do so.
Find in ksp-dc6.txt the three digits number assigned to one of your submitted keys. The three digits number is just above the line starting with 'pub'. Attach that number to yourself, so others will be able to see it. See photo and photo.
Half of the "n" participants, numbered from 1 to n/2 will line up, ordered by number. The other half, from (n/2)+1 to n will line up so that person n/2 will face person (n/2)+1, (n/2)-1 will face person (n/2)+2, and so on.
After every pair of people facing each other have checked their IDs, the first segment of the line will shift to the left one position. And so on, until each person has seen the rest of the people. See photo.
Later that evening, or perhaps when you get home, you can sign the keys in ksp-dc6.txt which you were able to verify. Almost everybody in past Debconfs, used Peter Palfrader's pgp-tools to sign keys (using caff) and then encrypt and mail the signed keys (using gpg-mailkeys). The scripts are also available as the debian package signing-party.
ksp-dc6.txt - List of participants (text file).
ksp-dc6.asc.bz2 - Participating keys (keyring).
A printout of ksp-dc6.txt; check that your fingerprint is correct.
A pen.
The MD5 or SHA1 hash you made of ksp-dc6.txt so that we can ensure we are all working with the same copy.
Some form of government issued ID (passport or similar).
If this is your first keysigning, a copy of this web page and linked documents might be useful.
If you have questions please ask Anibal Monsalve Salazar during Debconf or send email to anibal@debian.org.
Please see Relevant Information and Sources for More Information.
Special thanks goes to Amaya Rodrigo Sastre who provided the photos of the KSP at Debconf5, Benjamin Mako Hill who provided the scripts and text used at Debconf4, Peter Palfrader who provided the scripts and text used at Debconf3 and LinuxTag (2003 and 2004) whose reuse made putting together this keysigning easy and possible.