[Debian-NYC] GPG keysigning party on Friday's get-together
david at axiombox.com
Tue May 5 15:36:35 EDT 2009
As it was previously announced by Richard, this next Friday will be a
Debian-NYC gathering where we will harmoniously raise our beers and
club sodas and toast for the sake of it.
Also, we will be holding a GPG/PGP key signing parrrrrrtay! Given that
it's not necessary to add complexity to this simple process, here are
the guidelines for it:
- We are assuming you have already a GPG/PGP key and access to its
private key. We are assuming you have previously participated on a key
signing party or at least you have exchanged signatures with a person
before. We assume you know how to fetch, sign and send a signed key
back (or upload to a public server). BUT, if you don't, don't worry,
you can mail me off-list for help, I'll be glad to help.
- Prior to the par-tay, upload your key to a publicly accessible key
server (such as pgp.mit.edu).
- The signing party will begin at 9 pm. If you have to leave earlier
or happen to arrive late, don't worry you can still participate
- You have to bring pieces of paper, with your keys' fingerprints
printed on them, ready to give away. Let's calculate 20 (let's all
hope we need more at the end, so just in case bring 10 more :)).
Really geeky guys have already printed business cards.
What to print on those pieces of paper? The output of `gpg --
fingerprint <YOUR ID>` would be enough, like this:
cerdo ~ $ gpg --fingerprint C671257D
pub 1024D/C671257D 2004-12-27 [expires: 2014-12-25]
Key fingerprint = 6EF6 C284 C95D 78F6 0B78 FFD3 981C 5FD7 C671
uid David Moreno <david at axiombox.com>
uid David Moreno Garza <damogar at gmail.com>
uid David Moreno Garza (1984-08-08) <damog at damog.net>
uid David Moreno Garza (Debian Developer) <damog at debian.org
sub 1024g/CE63FE80 2004-12-27 [expires: 2014-12-25]
- You have to bring a government-issued ID. According to Micah, this
is because "we trust the gov't" :). This can be your state's driver's
license or your passport, preferably. If you don't have a government-
issued ID or lost it or your dog ate it, bring as much IDs you have as
possible. We strongly suggest that, in case you doubt the identity of
a fellow signee or he/she fails to provide full proof of identify, do
not sign the key. The name on IDs, of course, has to match the name on
the key's fingerprint.
- When the time comes, all people participating will gather and start
exchanging pieces of paper and identities. After you have confirmed
the other person's identity matching the key's fingerprint, you will
keep his/her piece. of paper and proceed to the next person. When you
are back home, you will sign the keys for all the pieces of paper you
have in your pocket. On-site directions will be instructed, so don't
worry too much for this as of now.
- The "signing-party" Debian package provides very interesting tools
for dealing with all of this. You will be interested on caff, that can
handle mass signings (for your pocket's pieces of paper). Again, if
you find yourself in need for help, let me know off-list.
- From my experience, key signing parties are a great way to bond with
people on this kind of get-togethers so just try to enjoy it :)
- If, for some reason, you don't want or have your key on a server,
make sure to bring your key on a portable device for people to give
away, but you have to make personal arrangements with each person
individually, as such setup will not be supported by this
- Helpful resources:
- Finally, remember the meetup will be at Pacific Std Brooklyn as
usual, Friday May 8th at around 8p.
More information about the DebianNYC