Keysigning Party @ FrOSCon 2011

Kultiges Zusammensitzen und gemeinsames Murmeln magischer Zahlen.

Gert Döring, FdI 95

At the FrOSCon (Free and Open Source Conference) 2011 in St. Augustin (near Bonn) there will be an OpenPGP (pgp/gpg) keysigning party.

The party will be on Saturday, August 20th, in room HS1 at 19:30
Programm Overview.

What is/Why keysigning?

Please read section One of the GnuPG Keysigning Party HOWTO (note: we are doing the party slightly different, so the other chapters do not apply 100%).

How

The party will be conducted using Len Sassaman's Efficient Group Key Signing Method:

If you intent to participate please send your key to our keyserver: gpg --keyserver hkp://ksp.froscon.org --send YOURKEYID until Thursday, August 18th, 2011 - 23:59 (CEST).

If your key is not listed at http://ksp.froscon.org/keys/ after submission, please contact me personally.
This deadline has now passed. If you haven't submitted your key yet, it's too late.
If you still want to participate, please follow the points listed below, like everybody else (i.e. grab the file, check the checksum and bring the printout with you). This is so that you can sign other people's keys.
In addition print your key information on small paperslips and bring enough for everyone (say 50 or so)
By Friday, August 19th 2011 you will be able to fetch both the complete keyring with all the keys that were submitted along with a text file (ksp-froscon11.txt) giving the fingerprint of each key on the ring.
At home, verify that the fingerprint of your key in ksp-froscon11.txt is correct. Also compute the ripemd160 hash of ksp-froscon11.txt. One way to do this is with gpg invoked as follows:

% gpg --print-md ripemd160 ksp-froscon11.txt

Just to be sure that you have no problems with the download, here is the ripemd160 hash as we have calculated it:
5551 334E B72A .... .... .... ....
Note that this is just a hint - you must do the check yourself.
We will also read the SHA256 hash, so you should calculate that too (gpg --print-md sha256).
At the conference, come with the hash you computed and a hardcopy of ksp-froscon11.txt.
A reader at the front of the room will recite the ripemd160 hash of ksp-froscon11.txt. Verify that the hash recited matches what you computed. This guarantees that all participants are working from the same list of keys.
In turn, each participant will stand and acknowledge that the fingerprint of his or her key listed is correct. Mark the key verified on your hardcopy. Since we already ensured that everybody has the same copy a simple statement like "yes, this information is correct" is sufficient.
The next step is to verify each participant's identity by checking her passport or similar form of ID.
Later that evening, or perhaps when you get home, you can sign the keys which you were able to verify on your hardcopy. After you signed a key send it to its owner together with your signature.

Downloads:

Summary: What to bring with you

A printout of ksp-froscon11.txt; check that your fingerprint is correct.
The ripemd160 (and, optionally, SHA256) hashes you made of ksp-froscon11.txt so that we can ensure we are all working with the same copy.
Some form of government issued ID (passport or similar).

If you have questions please ask Sebastian Harl <tokkee@froscon.org>.

Relevant Information and Sources for More Information

caff

CA Fire and Forget is a script that helps you in keysigning. It takes a list of keyids on the command line, fetches them from a keyserver and calls GnuPG so that you can sign it. It then mails each key to all its email addresses - only including the one UID that we send to in each mail, pruned from all but self sigs and sigs done by you.

Download it: caff.

Depends: gnupg (>= 1.3.92), perl, libgnupg-interface-perl, libmime-perl, libmailtools-perl (>= 1.62)

gpgsigs

Uli Martens wrote a small perl script that, given a key ID and ksp-froscon11.txt tells you which keys (UIDs) you already signed by annotating the UID with (S).

153  [ ] Fingerprint OK        [ ] ID OK
(S)  pub  1024D/52698E9F 2001-11-07 Uli Martens <uli@youam.net>
     Key fingerprint = A48F 8894 37A0 FDE9 60D5  212A 2A58 CEAA 5269 8E9F
(S)  uid     Uli Martens <isax@gmx.de>
( )  uid     Uli Martens <u.martens@youam.com>
(S)  uid     Uli Martens <u.martens@scientific.de>

Download it: gpgsigs.

It requires perl, gnupg (>=1.2.x) and either Locale::Recode (in Debian Package libintl-perl, in testing and unstable) or recode (Debian Package recode).

Last modified: Fri Aug 19 09:42:30 CEST 2011

formorer@formorer.de <formorer@formorer.de>

This Page Is Valid HTML 4.0 Transitional!