August Tux
with drink and sun glasses


PGP Key Signing Party

Arrangements- Muli Ben Yehuda

Howdy, Penguin Lovers!

As announced before here and elsewhere, we will have a PGP key signing party at the August Penguins event (this Friday, 0900, Tel Aviv Cinemateque, more details at http://www.iglu.org.il/august/).

The key signing party will take place immediately after the movie, so expect to stick around for a few more minutes. If you want to take part, you need:

  • to have a PGP public key/private key pair. I assume you already have this, but if you don't, now's a great time to get one. There are explanations on how to create one here.
  • to send me your public key and public key information, BY WEDNESDAY NIGHT. This is because I need time to compile the list of participating people and keys to distribute it to party goers.
    gpg -a --export your_name should output your public key in armored ascii mode. Send me this file, and the key information (ID, type, size and hex fingerprint).
  • to bring with you a valid form of identification such as an ID card or a driver's license. You also need to bring with you your key info (key id, key type, key size and key hex fingerprint).
Here's what a key signing party looks like, from the GnuPG Keysigning Party HOWTO.

A centralized party would be a more organized affair which would work well with small to medium numbers of people. The participants would send their key information to the coordinator who would compile it into a list. Each participant, upon arriving at the party, would be given a copy of the key list. Each participant would then be called on by the coordinator. The participant would then check their key fingerprint against the fingerprint on the sheet that the coordinator gave them. If the participant is sure that their key is the same as the key on the sheet then the participant would read their fingerprint aloud so that the other party participants can make sure they also have the correct matching fingerprint. If they do in fact have the correct matching fingerprint, they check it off on their sheet. This is necessary to make sure that the coordinator has not made a mistake in the generation of the sheet or has not slipped a sheet with faked key information to one or more of the participants. After everyone has checked off the participant's key, the coordinator then calls on the next participant, and so on. After all of the keys have been verified, the participants and coordinator are asked to form a long single file line while holding their IDs in front of them. The person at the head of the line walks down the line and checks each person's ID. If their ID is correct and the person walking down the line has a check next to the individual in the line's key verifying that they had said it was their key at the beginning of the party, he places a second check mark on his list. Once a key has two check marks it can be signed.

If you have any questions, don't hesitate to contact me. See y'all at the party!

Outcomes- Yotam Rubin

This party involved the identity verification of participants so their keys could be later signed by fellow participants. Although not deprived of a procedural mishap[0], the party was completed with 9 verified identities. Soon after the gathering had terminated, people began to sign each other's keys. As of now, there are 8 keys in this newly formed keyring. I have posted the keyring and other visual aids produced by sig2dot.pl and graphviz.

I hope that this keyring will continue to expand. The value of a public keyring, where one may reliably confirm another's identity is not only useful for the present, but possibly for the future as well, when the government would want to explore digital id's and the like. Should there be a large enough keyring, it's possible that government officials might lean towards an open solution, rather than a proprietary one.

If anyone wants to hold a key signing party in Beer-Sheva and the vicinity, please let me know.

Regards, Yotam Rubin

[0]: Most people neglected to bring their key fingerprints, which tends to decrease the reliability of the whole process.