WOS 3 / Programm / Specials / Keysigning Party / Keysigning Party

OpenPGP (pgp/gpg) Keysigning Party

Friday, 11 June 2004, 19:00, Workshop Room

organized by
Alexander Schmehl
Debian Project, Frankfurt/M.

What is/Why keysigning?

Please read section One of the GnuPG Keysigning Party HOWTO. (note: we are doing the party slightly different, so the other chapters do not 100% apply).


The Party will be conducted using Len Sassaman's Efficient Group Key Signing Method:
  • If you intent to participate please send your ascii armored public key to ksp-WOS3(at)schmehl.info by Tuesday, June 8th, 2004.

    Preferably do not sign or encrypt your email, attach the keys as a file, and name that file like your email address (multiple keys per file/armor are just fine).

    If your key is not listed [here] within two or three days, please contact me personally.

  • By Wednesday, June 9th, you will be able to fetch both the complete keyring with all the keys that were submitted along with a text file ( ksp-WOS3.txt) giving the fingerprint of each key on the ring.

  • At home, verify that the fingerprint of your key in ksp-WOS3.txt is correct. Also compute the MD5 hash of ksp-WOS3.txt. One way to do this is with md5sum invoked as follows:

    % md5sum ksp-WOS3.txt


    gpg --print-md md5 ksp-WOS3.txt

    We will also read the SHA1 hash, so you can calulate that too
    (sha1sum or gpg --print-md sha1).

  • At the WOS, come with the hash you computed and a hardcopy of ksp-WOS3.txt.

  • A reader at the front of the room will recite the MD5 hash of ksp-WOS3.txt. Verify that the hash recited matches what you computed. This guarantees that all participants are working from the same list of keys.

  • In turn, each participant will stand and acknowledge that the fingerprint of his or her key listed is correct. Mark the key verified on your hardcopy. Since we already ensured that everybody has the same copy a simple statement like "yes, this information is correct" is sufficient.

  • The next step is to verify each participant's identity by checking her passport or similar form of ID.

  • Later that evening, or perhaps when you get home, you can sign the keys which you were able to verify hardcopy. After you signed a key send it to its owner together with your signature.

Downloads (Do not exist yet):

Summary: What to bring with you
  • A printout of ksp-WOS3.txt; check that your fingerprint is

  • The MD5 Hash you made of ksp-WOS3.txt so that we can
    ensure we are all working with the same copy.

  • Some form of government issued ID (passport or similar).

If you have questions please ask Alexander Schmehl <alexander(at)schmehl.info>.

Relevant Information and Sources for More Information

Last modified: Tuesday, 04-Apr-2004 17:12 CEST
Alexander Schmehl <schmehl(at)informatik.uni-frankfurt.de>
copied from a text by Peter Palfrader <peter(at)palfrader.org>

[^] top

Creative Commons License
All original works on this website unless otherwise noted are
copyright protected and licensed under the
Creative Commons Attribution-ShareAlike License Germany.