What can I expect at a Key Signing party?

Andrew McDonald andrew@mcdonald.org.uk
Sun Oct 14 15:34:02 2001 

--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Oct 14, 2001 at 07:53:54AM -0400, Jean-David Beyer wrote:

> You will be able to tell that I am a newbie as far as PGP and GnuPG are

> concerned, though I have it running on my machine now (not with this

> MUA, though).

>=20

> If I want to get people to sign my public key, it seems that the best

> way would be to go to a Key Signing party. What do I bring? What do I

> get back.


I usually take my passport and a pile of slips of paper I've printed
out which say:
----
pub  1024D/F2DEED36 1999-11-01 Andrew McDonald <andrew@mcdonald.org.uk>
     Key fingerprint =3D 3EDE 0FBC 6138 DCA0 FC8E  C508 FCBB A9C8 F2DE ED36
uid                            Andrew McDonald <A.D.McDonald@bcs.org.uk>
sub  2048g/FA04439F 1999-11-01

Available from http://www.mcdonald.org.uk/andrew/pgpkey.html or keyservers
----

I examine people's passports (and laugh at the photos), take their slip
of paper and squiggle my signature on it (so I know no-one substituted
it for another afterwards).

When I get home I download their key and check the fingerprint against
the slip of paper. I then usually e-mail them a challenge (something
like the output of "dd if=3D/dev/urandom bs=3D1 count=3D32 | od -x -Ax")
which they return signed by their public key.

Having verified the signature and fingerprint of the key I then sign
the key, and either e-mail it to them or upload it to a keyserver.

With regard to finding keysigning parties: At my local Linux User Group
(Hampshire, UK) people regularly exchange keys. Some conferences (e.g.
IETF meetings) also have keysigning sessions. Otherwise, it can be a
bit more difficult.

--=20
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/

--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE7yZLk/LupyPLe7TYRAmWJAJ0VNZw3rsqfKH7Dt8aQKEsW9k6cugCfURwP
YxiUmYR4wa1qIphlTuCbyXk=
=H0hz
-----END PGP SIGNATURE-----

--7JfCtLOvnd9MIVvH--