From Fedora Project Wiki

(Rewrote the event description to declutter the words)
Line 1: Line 1:
<!-- == Followup ==
== What ==
What is this key signing thing all about?  This is an event used to create trust paths for the OpenPGP [https://en.wikipedia.org/wiki/Web_of_Trust Web of Trust].  Events like this help create those trust paths that allow you to trust e-mail messages and files received over the Internet (or by other means).  While trust is increased substantially when you receive a message or file from some you have exchanged key signatures with the web allows you to trust others by trusting the path that is created between two keys using others as trust agents.  How well you trust those that create that path is up to you but it does help.


''This section was added after the keysigning and contains some useful followup information.''
== Who ==
Anyone attending FUDCon Lawrence, or who is just passing through the greater Lawrence, KS area, may attend this event.  It is open to the public.  We ask that you register ahead of time so we'll be prepared and you won't have to be the odd one who doesn't have their key already in the keyring.


* Keyring and fingerprints:
=== Signing up ===
** [http://nb.fedorapeople.org/keys2.pdf key and fingerprint list (keys2.pdf)]
<!-- {{admon/warning|The signup deadline has passed|If you still want to participate, bring about 60 slips with your key's fingerprint printed or '''neatly''' written on it.}}-->
** [http://nb.fedorapeople.org/keys2.pdf.sha256sum.asc key and fingerprint list sha256sum]
** [http://nb.fedorapeople.org/keys2.asc keyring to import]
** [http://www.flickr.com/photos/n3pb/sets/72157628896297595/with/6708278535/ Photos of the key fingerprints on the board.]
** IDs of keys signed: 110810E9 154FDAF0 57E02D57 D72AD0EF 1999A427 85DACC63 B2420431 62A2258E 0E572FDD 024BB3D1 3A7676E7 210BDF5A 9342BF08 1F85118D 07D2F8B4 89CCAE8B 34E36341 390EBBB9 AA482E46 92F0FC09 E65E4F3D FA6C4994 D1F5C478 DAD3DF0E 8B3D4806 9B649644 5B7CBD2B 94BC377E 1285BE7C 750152F1 CD84EE48 DF044293 188C6D38 2486CFD6 D39BE61C C40F2998 C8391120 EBD267AB 6EF4DA92 B4D3D7B0 835D13A0
* Signing tools
** '''caff''' is part of the '''pgp-tools''' package.
** [http://www.phildev.net/pius/pius pius (PGP Individual UID Signer)]
* The strong set in the PGP web of trust
** [http://en.wikipedia.org/wiki/Web_of_trust#Mean_shortest_distance Explanation at Wikipedia.]
** [http://pgp.cs.uu.nl/plot/ analysis of the strong set in the PGP web of trust]
** [http://www.lysator.liu.se/~jc/wotsap/index.html wotsap (Web of trust statistics and pathfinder)] - take a look at the [http://www.lysator.liu.se/~jc/wotsap/search.html search page] for a bunch of interesting things you can do.  [http://webware.lysator.liu.se/jc/wotsap/wots/latest/groupmatrix/110810E9,0x154FDAF0,0x57E02D57,0xD72AD0EF,0x1999A427,0x85DACC63,B2420431,0x62A2258E,0x0E572FDD,024BB3D1,3A7676E7,0x210BDF5A,0x9342BF08,0x1F85118D,0x07D2F8B4,0x89CCAE8B,0x34E36341,0x390EBBB9,AA482E46,0x92F0FC09,E65E4F3D,0xFA6C4994,D1F5C478,DAD3DF0E,0x8B3D4806,9B649644,5B7CBD2B,94BC377E,1285BE7C,0x750152F1,CD84EE48,DF044293,188C6D38,2486CFD6,D39BE61C,C40F2998,C8391120,0xEBD267AB,0x6EF4DA92,0xB4D3D7B0,0x835D13A0.txt Here] is a matrix of all the key signings from FUDCon.  (Note: It sometimes takes quite a while for new data to show up in the wotsap.)
-->
== Signing up ==
<!-- {{admon/warning|The signup deadline has passed|If you still want to participate, bring about 60 slips with your key's fingerprint printed or '''neatly''' written on it.}}
There will be a GPG Key Signing Event held at FUDCon Blacksburg 2012 on Saturday, January 14th, at 1700 (5pm). There will also be a [[FUDCon:Blacksburg_2012_CAcert_Assurance_Event|CAcert Assurance event]] held at 1600 (4pm), immediately preceding this event.
-->
Please sign up below and make sure your key is available on the public keyserver network or make a note here with the url if it is not.


<!-- == Notice of change ==
Please sign up below and make sure your key is available on the public keyserver network or make a note here with a URL to the public key.
Nick and I are working through the last minute logistics that goes along with the event.  We hadn't planned on this event event being so popular!  With this in mind we have decided to change the way we are doing the key verifications.  Originally we were planning on each person, individually, standing up and reading their key aloud while everyone else verified the paper copy provided for the event. This procedure is used most often and is the most secure.  The problem is we now have <strike>forty-four</strike> forty-nine keys to be signed!  That's going to take a while!


For larger parties the recommended procedure is the "hash-based method".  The keys will still be provided to everyone on paper.  The file will be digitally signed (and electronic versions of the document will be made available).  At the event everyone verifies that *their* key is listed correctly on the paper and then the host will read the hash to everyone so that everyone can verify that their copy is correct and has not been modified.  Once this happens and everyone is satisfied that they have the correct list of keys then we check everyone's identification.
== Where ==
The key signing event will be held at [[FUDCon:Lawrence_2013|FUDCon Lawrence]] on the campus of Kansas University.


If anyone has any concern about this procedure please let us know *now* so we can address this. 
== When ==
-->
Saturday, 19 January 2013
<!-- [http://nb.fedorapeople.org/keys2.pdf key and fingerprint list]


[http://nb.fedorapeople.org/keys2.pdf.sha256sum.asc key and fingerprint list sha256sum]
Please see the [[FUDCon:Lawrence_2013#Saturday.2C_January_19|Saturday schedule]] for exact time and location information as this is subject to change.


[http://nb.fedorapeople.org/keys2.asc keyring to import]
== How ==
-->
Participating in a key signing event is quite easy and signing the keys afterwards is even easier.
== Things to bring to the event: ==
# Yourself
# At least one government issued photo ID
# Your key's fingerprint
# A pen/pencil or whatever you'd like to write with....
# NO computer (or at least leave it in your bag or something, you don't need to actually sign the keys right then)


=== Why shouldn't I bring a computer?===
=== Things to bring to the event: ===
* Yourself
* At least one government issued photo ID
* Your key's fingerprint (<code>gpg --fingerprint keyid</code>) printed or written down
* A writing instrument (pen or pencil)
 
=== Things to *not* bring to the event: ===
* A computer
 
==== Why you shouldn't bring a computer? ====
There are a variety of reasons, why you don't want to do this. The short answer is it would be insecure, unsafe, and of no benefit. For those not convinced, here are some reasons why it is insecure, unsafe, and of no benefit.
There are a variety of reasons, why you don't want to do this. The short answer is it would be insecure, unsafe, and of no benefit. For those not convinced, here are some reasons why it is insecure, unsafe, and of no benefit.
* If people are carrying their secret keys with them and intend to do the signing at the actual meeting by typing their passphrase into a computer, then they are open to key-logging attacks, shoulder-surfing, etc.
* If people are carrying their secret keys with them and intend to do the signing at the actual meeting by typing their passphrase into a computer, then they are open to key-logging attacks, shoulder-surfing, etc.
* Someone might spill $beverage on it.
* Someone might drop it or knock it off the table.
* Someone might drop it or knock it off the table.
* Etc
* Etc


== Keysigning Procedure ==
=== Key signing Procedure ===
# Generate a key/Remember your pass phrase
# [[Creating_GPG_Keys|Generate a key]]
# All attendees send their public keys to a public keyserver. For this party, we'll use keys.bz or keys.christensenplace.us. If for some reason you don't want your key to be in a public keyserver, but still want to participate, please let me know.
# All attendees send their public keys to a public keyserver. If for some reason you don't want your key to be in a public keyserver, but still want to participate, please let me know.
# All attendees posts their fingerprint to this wiki page (see below). The event coordinator will compile everyone's key information.
# All attendees posts their fingerprint to this wiki page (see below). The event coordinator will compile everyone's key information.
# The host prints a list with everyone's fingerprint from the compiled keyrings and distributes copies of the printout at the meeting.
# The host prints a list with everyone's fingerprint from the compiled keyrings and distributes copies of the printout at the meeting.
# Attend the party. Bring along a paper copy of your fingerprint that you obtained from your own keyring. You must also bring along a suitable photo ID. Instruct the attendees at the beginning that they are to make two marks on the listing, one for correct key information and one if the ID check is ok.
# Attend the party. Bring along a paper copy of your fingerprint that you obtained from your own keyring. You must also bring along a suitable photo ID. Instruct the attendees at the beginning that they are to make two marks on the listing, one for correct key information and one if the ID check is ok.
# At the meeting the host will distribute the key forms and a hash of that form (also available from this wiki page).  The host will read the hash key out so that everyone can verify they have the same file.  Everyone will verify that their fingerprint is correct on the form.  Once everyone has verified these two pieces of information we will start with the identifications.
# At the meeting the host will distribute the key forms and a hash of that form.  The host will read the hash key out so that everyone can verify they have the same file.  Everyone will verify that their fingerprint is correct on the form.  Once everyone has verified these two pieces of information we will start with the identifications.
# After everyone has read his key ID information, have all attendees form a line.
# After everyone has read his key ID information, have all attendees form a line.
# The first person walks down the line having every person check his ID.
# The first person walks down the line having every person check his ID.
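Review bot: In the step beginning "At the meeting the host will distribute the key forms and a hash of that form", the new wording drops "(also available from this wiki page)", so the page no longer says where attendees can get the hash before the event, and it never names the hash algorithm. Suggest keeping a pointer to where the hash is published and naming the algorithm, so each attendee can check their own copy of the list against the value the host reads out. In the same step, "hash key" should read "hash".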
Line 64: Line 50:
# After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP and privacy (or anything else) with fellow PGP users. If everyone is punctual the formal part of the evening should take less than an hour.
# After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP and privacy (or anything else) with fellow PGP users. If everyone is punctual the formal part of the evening should take less than an hour.
# After confirming that the key information on the key server matches the printout that you have checked, sign the appropriate keys. Keys can only be signed if they have two check-marks.
# After confirming that the key information on the key server matches the printout that you have checked, sign the appropriate keys. Keys can only be signed if they have two check-marks.
# Send the signed keys back to the keyservers.
# Send the signed keys back to the key-servers.
# Use those keys as often as possible.  
# Use those keys as often as possible.  


=== Acceptable Identification ===
=== Acceptable Identification ===
We are not providing specific guidelines on what IDs are acceptable, or how many are required, however, it is generally expected that each participant will be able to provide some sort of government issued photo identification, such as driver's license, passport, etc., matching the name on their key.  It is up to the other participants whether or not they will accept your identification.
There are no hard and fast rules of what forms of identification are acceptable to any specific individual.  Generally speaking the following forms of identification should be acceptable:
* Passport
* Driver's license
* State identification
* Other forms of photo identification


== Uploading your key to a keyserver ==
=== Uploading your key to a keyserver ===
To upload your key, do <code>gpg --keyserver pool.sks-keyservers.net --send-keys 0xYOURKEYID</code>
To upload your key, do <code>gpg --keyserver pool.sks-keyservers.net --send-keys 0xYOURKEYID</code>
== CAcert Assurance ==
There will also be a [[FUDCon:Lawrence_2013_CAcert_Assurance_Event|CAcert Assurance event]].


== Key List ==
== Key List ==
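Review bot: The rewritten "Acceptable Identification" paragraph loses two points the old text made: that the ID should be "matching the name on their key", and that "It is up to the other participants whether or not they will accept your identification." Suggest restoring both after the new bullet list, so the list of ID types is not read as a guarantee that any listed document will be accepted regardless of the name on it.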
Line 100: Line 87:
! Name !! FAS Username !! Key ID !! Fingerprint
! Name !! FAS Username !! Key ID !! Fingerprint
|}
|}
== CAcert Assurance ==
There will also be a [[FUDCon:Lawrence_2013_CAcert_Assurance_Event|CAcert Assurance event]].


Back to [[FUDCon:Lawrence_2013]].
Back to [[FUDCon:Lawrence_2013]].

Revision as of 00:54, 22 December 2012

What

What is this key signing thing all about? This is an event used to create trust paths for the OpenPGP Web of Trust. Those trust paths allow you to trust e-mail messages and files received over the Internet (or by other means). Trust is increased substantially when you receive a message or file from someone you have exchanged key signatures with, but the web also allows you to trust others by trusting the path that is created between two keys, using others as trust agents. How well you trust those who create that path is up to you, but it does help.

Who

Anyone attending FUDCon Lawrence, or who is just passing through the greater Lawrence, KS area, may attend this event. It is open to the public. We ask that you register ahead of time so we'll be prepared and you won't have to be the odd one who doesn't have their key already in the keyring.

Signing up

Please sign up below and make sure your key is available on the public keyserver network or make a note here with a URL to the public key.

Where

The key signing event will be held at FUDCon Lawrence on the campus of Kansas University.

When

Saturday, 19 January 2013

Please see the Saturday schedule for exact time and location information as this is subject to change.

How

Participating in a key signing event is quite easy and signing the keys afterwards is even easier.

Things to bring to the event:

  • Yourself
  • At least one government issued photo ID
  • Your key's fingerprint (gpg --fingerprint keyid) printed or written down
  • A writing instrument (pen or pencil)

Things to *not* bring to the event:

  • A computer

Why shouldn't you bring a computer?

There are a variety of reasons why you don't want to do this. The short answer is that it would be insecure, unsafe, and of no benefit. For those not convinced, here are some of the reasons:

  • If people are carrying their secret keys with them and intend to do the signing at the actual meeting by typing their passphrase into a computer, then they are open to key-logging attacks, shoulder-surfing, etc.
  • Someone might drop it or knock it off the table.
  • Etc

Key signing Procedure

  1. Generate a key
  2. All attendees send their public keys to a public keyserver. If for some reason you don't want your key to be in a public keyserver, but still want to participate, please let me know.
  3. All attendees post their fingerprints to this wiki page (see below). The event coordinator will compile everyone's key information.
  4. The host prints a list with everyone's fingerprint from the compiled keyrings and distributes copies of the printout at the meeting.
  5. Attend the party. Bring along a paper copy of your fingerprint that you obtained from your own keyring. You must also bring along a suitable photo ID. Instruct the attendees at the beginning that they are to make two marks on the listing, one for correct key information and one if the ID check is ok.
  6. At the meeting the host will distribute the key forms and a hash of that form. The host will read the hash out so that everyone can verify they have the same file. Everyone will verify that their fingerprint is correct on the form. Once everyone has verified these two pieces of information, we will start with the identifications.
  7. After everyone has read his key ID information, have all attendees form a line.
  8. The first person walks down the line having every person check his ID.
  9. The second person follows immediately behind the first person and so on.
  10. If you are satisfied that the person is who they say they are, and that the key on the printout is theirs, you place another check-mark next to their key on your printout.
  11. Once the first person cycles back around to the front of the line he has checked all the other IDs and his ID has been checked by all others.
  12. After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP and privacy (or anything else) with fellow PGP users. If everyone is punctual the formal part of the evening should take less than an hour.
  13. After confirming that the key information on the key server matches the printout that you have checked, sign the appropriate keys. Keys can only be signed if they have two check-marks.
  14. Send the signed keys back to the keyservers.
  15. Use those keys as often as possible.
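
Step 13 in code, as an added example that is not part of the original wiki page: it compares each row of the checked printout with the primary-key fingerprints in `gpg --with-colons --fingerprint` output and approves only rows that have both check marks and an exact 40-digit match. All names, fingerprints and the sample gpg output below are constructed for illustration.

```python
# Constructed sample data, not real keys. Printout rows are
# (name, printed fingerprint, fingerprint mark, ID mark).
PRINTOUT = [
    ("Alice", "0123 4567 89AB CDEF 0123 4567 89AB CDEF AAAA 0001", True, True),
    ("Bob", "1111 2222 3333 4444 5555 6666 7777 8888 BBBB 0002", True, True),
    ("Carol", "2222 3333 4444 5555 6666 7777 8888 9999 CCCC 0003", True, False),
]
# Constructed `gpg --with-colons --fingerprint` output for the fetched keys.
# The key fetched for Bob shares the short ID BBBB0002 but is a different key.
FETCHED = """\
pub:-:2048:1:89ABCDEFAAAA0001:1325376000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAA0001:
sub:-:2048:1:0F0F0F0F0F0F0F0F:1325376000::::::e:
fpr:::::::::ABABABABABABABABABABABAB0F0F0F0F0F0F0F0F:
pub:-:2048:1:EEEEFFFFBBBB0002:1325376000:::-:::scESC:
fpr:::::::::99990000AAAABBBBCCCCDDDDEEEEFFFFBBBB0002:
pub:-:2048:1:88889999CCCC0003:1325376000:::-:::scESC:
fpr:::::::::22223333444455556666777788889999CCCC0003:
"""

def normalize(printed):
    """'0123 4567 ...' as printed -> 40 hex digits, upper case, no spaces."""
    return "".join(printed.split()).upper()

def primary_fingerprints(colon_output):
    """Field 10 of each fpr record that follows a pub record (subkeys skipped)."""
    fprs, want = set(), False
    for fields in (line.split(":") for line in colon_output.splitlines()):
        if fields[0] in ("pub", "sub"):
            want = fields[0] == "pub"
        elif fields[0] == "fpr" and want and len(fields) > 9:
            fprs.add(fields[9].upper())
            want = False
    return fprs

def keys_to_sign(printout, colon_output):
    """Sign only rows with both marks whose full fingerprint was fetched."""
    fetched, decisions = primary_fingerprints(colon_output), {}
    for name, printed, fpr_ok, id_ok in printout:
        fpr = normalize(printed)
        if not (fpr_ok and id_ok):
            decisions[name] = "skip: missing check mark"
        elif fpr in fetched:
            decisions[name] = "sign"
        elif any(f[-8:] == fpr[-8:] for f in fetched):
            decisions[name] = "do not sign: short key ID matches, fingerprint differs"
        else:
            decisions[name] = "do not sign: key not fetched"
    return decisions

if __name__ == "__main__":
    for name, decision in keys_to_sign(PRINTOUT, FETCHED).items():
        print(f"{name}: {decision}")
```

The Bob row shows why the comparison uses the full fingerprint from the printout rather than the 8-digit key ID.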

Acceptable Identification

There are no hard and fast rules about what forms of identification are acceptable to any specific individual. Generally speaking, the following forms of identification should be acceptable:

  • Passport
  • Driver's license
  • State identification
  • Other forms of photo identification

Uploading your key to a keyserver

To upload your key, do gpg --keyserver pool.sks-keyservers.net --send-keys 0xYOURKEYID

Key List

Name FAS Username Key ID Fingerprint
Eric Christensen Sparks 0x024BB3D1 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
Nicholas Bebout nb 0x110810E9 167B 4A54 236B BEAA 37DC CD92 ED14 D5E7 1108 10E9
Zachary Oglesby zoglesby 0xF20C4707 AC8D 352D 380B B89B A3C2 7F43 DB36 FD89 F20C 4707
Matt Domsch mdomsch 0x92F0FC09 17A4 17D0 81F5 4B5F DB1C AEF8 21AB EEF7 92F0 FC09
Jared Smith jsmith 0x210BDF5A 1E46 74AA A394 0EAA 6596 FDF0 7D9D 159F 210B DF5A
Simon Sekidde sekidde 0x94BC377E 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
Ralph Bean ralph 0x971095FF 9450 4C3A E11D D197 9200 58AB A90E D7DE 9710 95FF
Andrew Wafaa - - - 0x3A36312F 7982 F65B 0DD6 B382 8681 E61E 5153 D01B 3A36 312F
Jeff Bastian jbastian 0x497F4595 52E2 C044 D7DC 9BB4 9C15 3A65 7512 3214 497F 4595


CAcert Assurance

There will also be a CAcert Assurance event.

Back to FUDCon:Lawrence_2013.