Key signing party
We should have a key signing party, up for suggestions on where and when and what format
Before the event
You need a gpg key to start, create one now! You might as well make it with as big a key size as possible.
gpg --gen-key gpg --list-secret-keys gpg --fingerprint FA9EC035
Submitting your key
Currently nothing has been decided, please add suggestions below.
- create a wiki page containing your fingerprints
- Some other tool, edit this page and we may use it
|Real Name||Key Id||Key Fingerprint||Preferred E-mail Address|
|J Random Person||0x0000000000000000||FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF|| email@example.com
|[Mark Atwood]||0x5BB3D38332608126||D37B E0BF 09D3 C69B DDAC 78B5 5BB3 D383 3260 firstname.lastname@example.org|
|[Paul Warren]||0x5341F366208EDB2A||DF30 FFE6 CBEE ED60 E340 EEBA 5341 F366 208E DB2Aemail@example.com, firstname.lastname@example.org|
|[Paul Warren]||0x89A45B0613ABFE97||2D60 F3A8 CB31 9C99 F76E 0637 89A4 5B06 13AB FE97email@example.com|
|[Elizabeth Krumbach Joseph]||0x2FC76319BC2349FC||F1A1 2FEF 82A5 666C F9A4 A748 2FC7 6319 BC23 49FCfirstname.lastname@example.org|
|[Arkady Gundroff]||0x877D7A54||27A4 1D27 E9B8 5AD7 1C2A 8A86 ECF8 CCDD 877D 7A54email@example.com|
|[Arkady Gundroff]||0x22F75870||2D39 1FA0 84A6 AE66 D525 0805 68B2 320E 22F7 firstname.lastname@example.org|
|[Kye Russell]||0xE44FDDE6||8AA9 BF1D 306F 1CD6 4D2C 95BA 662A 7109 E44F DDE6email@example.com|
At the event
We will need someone to collate the keys and print them out. Please let us know how many we should print and where to print them.
What we did last year was go to a lecture theatre with a projector. Each person stands up, shows their photo id and read their fingerprint aloud. printouts of everyone's fingerprints were provided so you can tick off as you go This worked ok but took a long time to get through everyone.
Ad hoc Signing
Put your fingerprint on a piece of paper and hand it out to people. No need to do it formally just swap as you meet.
Things to watch out for:
- does it match thair name
- Does the person have a key with that fingerprint, do the numbers match.
- know that anyone can generate a key and claim an email address
- if someone can be bothered they can keep trying to generate a key with the first 8 digits the same as another key but getting the whole fingerprint is nearly impossible
When you get home
after the event you should have notes of who to trust the next thing to do is sign the key. You can individually sign each key, export the signature and send it to them.
caff is a tool that automates the signing a little. It will sign and send an email (encrypted if possible) containing the signature. It requires some setup but it does make things easier.