Skip navigation.

Keysigning Party @ Debconf 2005

Fri, 2005-07-15 21:00

At Debconf5 in Helsinki, Finland there will be an OpenPGP (pgp/gpg) keysigning party.

What is/Why keysigning?

A key signing party is a get-together of people who have PGP keys for the purpose of allowing those people to sign each other's keys. Key signing parties allow the web of trust to be extended to a great degree. Keysigning parties also serve as great opportunities to discuss the political and social issues surrounding strong cryptography, individual liberties, individual sovereignity, and even implementing encryption technologies or perhaps future work on free encryption software.

Please read section One of the GnuPG Keysigning Party HOWTO (note: the party will be done slightly differently, so the other chapters do not apply completely).

How the Keysigning Will Happen

The Party will be conducted using Len Sassaman's Efficient Group Key Signing Method which is a protocal to do keysignings in a way that is faster than the way many people may be familiar with:

  • If you intend to participate please send your ascii armored public key to by Sunday, July 3rd, 2005.

    Attach the keys as a file, and name that file as your email address (multiple keys per file/armor are just fine). Please do not sign or encrypt your email.

    You will receive a confimation message after your key has been accepted. The list of names of people with accepted keys is available at ksp-dc5-names.txt.

    This deadline has now passed. If you haven't submitted your key yet, it's too late to get your key on the primary sheet. It's not, however, too late to participate altogether. Please find anibal at Debconf before July 15th and we can work out a way for you to participate.

  • By Wednesday, July 6th, you will be able to fetch both the complete keyring with all the keys that were submitted along with a text file that has the fingerprint of each key on the ring. (ksp-dc5.txt)

  • There are two missing lines just before Adeodato's key fingerprint. Please add the following two lines to your list:

    001 [ ] Fingerprint OK [ ] ID OK
    pub 1024D/DA6AE621 2003-10-07

  • At home, verify that the fingerprint of your key in ksp-dc5.txt is correct. Also compute the MD5 hash of ksp-dc5.txt. One way to do this is with md5sum invoked as follows:

    md5sum ksp-dc5.txt


    gpg --print-md md5 ksp-dc5.txt

    Just to be sure that you have no problems with the download, here is the MD5 hash as we have calculated it:

    MD5 = E2 1A 9F 68 C8 25 7A 34 3E 99 A1 C3 D2 37 DF A4

    Note that this is just a hint - you must do the check yourself.

    You can calulate the SHA1 hash too with sha1sum or gpg --print-md sha1).

  • At Debconf, come with the hash you computed and a hardcopy of ksp-dc5.txt.

  • A reader at the front of the room will recite the MD5 hash of ksp-dc5.txt. Verify that the hash recited matches what you computed. This guarantees that all participants are working from the same list of keys.

    The reader will also recite the SHA1 hash.

  • Next, the reader will ask if everybody has the same MD5 hash of ksp-dc5.txt. If that is the case, sign each page of your hardcopy and mark the key verified on it.

  • The next step is to verify each participant's identity by checking the participant's passport or similar form of ID.

    At Debconf4, the participants formed a closed line in numerical order by the number assigned to the participants on the hardcopy, and after each pair of people facing each other verified their ID documents, a segment of the line shifted to the left one position.

  • Later that evening, or perhaps when you get home, you can sign the keys that you were able to verify belong to the individual listed on the key and whose fingerprint match the fingerprint on the hardcopy. After you have signed a key, send it to its owner along with your signature.


Summary: What to bring with you

  • A printout of ksp-dc5.txt; verify that your fingerprint is correct.
  • The MD5 Hash you made of ksp-dc5.txt so that we can ensure we are all working with the same copy.
  • Some form of government issued ID (passport or similar).
  • If this is your first keysigning, a copy of this email and linked documents might be useful.

If you have questions please ask Anibal Monsalve Salazar <>.

Special thanks goes to Benjamin Mako Hill who provided the scripts and text used at Debconf4, Peter Palfrader who provided the scripts and text used at Debconf3 and LinuxTag (2003 and 2004) whose reuse made putting together this keysigning easy and possible.

Relevant Information and Sources for More Information