SVLUG Keysigning Party

Where? When?

SVLUG December Meeting
December 7, 2005
The meeting is from 7pm - 9pm.
The keysigning will be at the end of the meeting
Directions and location are available at the SVLUG website.
(http://www.svlug.org)

What's a key-signing party?

A key-signing party is where PGP users get together to verify the match between a PGP key and the identity of the person behind it. They then sign each others keys, thus leading to an expansion of the PGP web of trust.

What do I need to do to prepare for this party?

You need to do the following before the party:

If you don't have one already, generate a PGP key.
There are quite a few choices to make when generating a PGP key, so choose wisely.
Many choices cannot be changed later.
For information on how to generate a PGP key using GnuPG, here is a link to the appropriate section of the Gnu Privacy Handbook.

Submit your key to the keyserver running at subkeys.pgp.net.

gpg --keyserver subkeys.pgp.net --send-keys (your hex ID here)

Email your key ID, key type, fingerprint, and key size to me.
Ideally I would like the output of
```
gpg --list-keys --fingerprint (your hex ID here)
```
PLEASE put the word PGP in the subject.
mail it to Andrew Chant (andrew.chant@gmail.com).
Deadline: 5pm December 7th
You will receive an email response signed by me (355144CE)
Assuming I got your key and all is well. Additionally, your key fingerprint will be listed here.
I have chosen to only post the key fingerprints to avoid spam problems, though do note that email addresses are easily harvested through the pgp keyservers.
Come to the December 7th SVlug meeting!
DO NOT FORGET TO BRING:
1. You
2. Method for proving your identity
  Some people require passports, or other gov't issued photo ID. Others are more careful :)
3. A paper copy of your key ID, key type, key fingerprint (in hex), and key size
4. Pen or Pencil
5. You do not need a computer. It will not help.

How will we do the keysigning?

All of the participants in the keysigning will pick up the copy of the key list that I will provide.
All participants in the keysigning will get in a line, in the order that their key is listed in the file.
I will read aloud the key fingerprints in order. The owner of the key should say "CORRECT" or "SOMETHING IS ROTTEN IN THE STATE OF DENMARK!" when their key is read aloud. Upon hearing "correct", everyone will check the "Fingerprint correct" box for that key.
The head of the line will start down the line verifying identities. If they are satisfied that the identity of each keyholder is correct, they will check the "Identity verified" box for that key.
If there is noone ahead of you in line, you will start down the line.
As you reach the end of the line, add yourself to the end so that people coming after you will be able to verify your identity.
When the line is in the same order as it was to start, we are done!

So I've got this sheet full of checkmarks..

Never fear! Here's how to complete the keysigning.
Put your paper in a safe place, then go eat and socialize at the post-SVLUG meeting gathering. When you finally reach a computer you TRUST:

Download the keyring for the keysigning: svlugring.pub
Import the keys into GPG
```
 gpg --import svlugring.pub 
```
For each of the keys on your sheet with two checkmarks:
1. ```
 gpg --edit-key (key ID)
```
2. ```
sign
```
  It may first ask you if you want to sign all user IDs. I usually say yes, you can make that choice.
  Then it will present the key fingerprint, and ask you if you *really* want to sign the key. If you have both boxes checked on your sheet, and the fingerprint matches, say yes.
3. Optional
  You may want to 'trust' the key that you are signing as well.
  Please read the following document to understand trust, its implications and how to go about trusting signatures in gpg. http://www.gnupg.org/gph/en/manual.html#AEN346 should take you to the section of the GNU privacy manual on "Trust in a keys owner".
  You can change trust on the key at this point by typing
```
trust
```
4. ```
save
```
  Save the changes to the key and exit.
Once you have signed all the keys, you must send them back to the keyserver.'Trust' isn't sent to the keyserver so no one will know that you don't trust them at all. To help automate the process, here is a textfile with all of the key IDs in it: keys.txt. To send all the keys to the keyserver, run the following command:
```
cat keys.txt | xargs gpg --keyserver subkeys.pgp.net --send-keys
```
Alternatively you can just specify the list of key IDs after --send-keys.

What if I still have a question?
The best resource online is probably the GnuPG Keysigning Party HOWTO.
If you have any questions, though, email me at andrew.chant@gmail.com and I will be more than happy to help.
-Andrew