[ English ]

GnuPG/OpenPGP Key Signing Party @ FOSDEM ( FOSDEM 2005 )

Registered users for the Keysigning (OpenPGP publickeys in armored ASCII).
Registered users for the Keysigning (List of users 'gpg --fingerprint --list-keys' output).

Introduction

FOSDEM will hold a meeting for the signing of OpenPGP/GnuPG keys during FOSDEM , on Sunday (place to be defined).

How to take part?

Before the key-signing party?

You must send your public key to the organizer of the key signing party. To extract your public key, use the syntax: "gpg --export --armor" your@email "> yourname.asc" then send the file yourname.asc to the organizer (key-submit@fosdem.org) of the key signing party. (Deadline for submission is 20 February)

If you do not have a public key yet or you have never used GnuPG/OpenPGP, I recommended you read the GnuPG handbook, available in English, German or French . This gives a clear explanation of how to generate a key, which will allow you to take part in the key signing party.

During the key-signing party?

You must have:
Proof of your identity (passport, indentity card...)
Your key fingerprint (which you printed yourself!)
And of course, a good mood
A computer is not needed during the key signing party

You will receive a paper list of all the participants, printed by the organizer, in the following format:

Name/uid	KeyID	Fingerprint	type/size	Fingerprint OK?	ID-Check OK?
Alexandre Dulaunoy < adulau@foo.be > Alexandre Dulaunoy < alexandre.dulaunoy@ael.be >	44E6CBCD	3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD	1024/D	[ ]	[ ]

The key signing party has two main phases:

Fingerprint checking
Each person reads their fingerprint (from their own printed version, not the distributed version) and introduces themselves. Thus everyone can check if the list of fingerprints on the sheet provided by the organizer is correct. If they match, you can make a cross in the part "Fingerprint OK?" for each participant present whose fingerprint checks out.
Identity checking
You must then check the identification of each person. Each person simply presents their proof of identity and reconfirms their fingerprint. At this point, if the proof of ID checks out, you can make a cross in "ID-Check OK?".
If this explanation seems fuzzy, a more complete explanation will be given at the time of the key signing party.

After the key-signing party?

When you return home, you can sign the keys of the people who took part in the key signing party whose fingerprint and identity you have confirmed on your sheet.

Do not sign the key of any person you have not personally identified. This is important for the quality of the "Web of Trust" and especially for the "value" of your key.

Here is an example of how to sign the key with ID (0x44E6CBCD) which you want to sign following the key signing party:

gpg --keyserver random.sks.keyserver.penguin.de --recv-key 0x44E6CBCD
To get the key from the keyserver random.sks.keyserver.penguin.de
gpg --sign-key 0x44E6CBCD
To sign this key (having of course checked the fingerprint with gpg --fingerprint 0x44E6CBCD)
You must then email the signed key to its owner (to check the validity of the uids) and then the holder of the key will place it on a keyserver (like random.sks.keyserver.penguin.de), using:.
gpg --keyserver random.sks.keyserver.penguin.de --send-key 0x44E6CBCD

References

GnuPG : A free software implementation of the OpenPGP standard.