KeySigningParty

PGP Key Signing Party

Key signing parties is a subject that has, on the whole, been chewed and gone through many times in the open source community. As such, this page tries to keep itself only to the introductory level on the one hand, and to the small details on the other. For real background material, please check the "Further Reading" section at the end of this page.

Contents

  1. PGP Key Signing Party
  2. Why?
  3. When? Where?
  4. What are the Risks? (Why Not?)
  5. Participating in a Party
    1. Generating a Key
    2. Publishing Your Key
    3. Sending Your Key to the Party Organizer
    4. Right Before the Party
    5. At the Party
    6. After the Party
  6. Background Material

Why?

PGP (Pretty Good Privacy), as well as its free implementation, GPG (GNU Privacy Guard), are personal peer to peer encryption systems. This means two people can communicate in a secure, authenticated way between them, without having to go through any third party Certificate Authority or anything of the kind. In order to establish the "authenticated" part, a trusted path of verification needs to be established between the participants of the encryption. In order to achieve this, whenever hackers from all over the world meet, it is traditional to hold a key signing party, where people's identities can be verified and tied to their keys.

When? Where?

Key signing parties are periodically organized whenever someone decides to organize them. This is usually at WineConf, but any face to face is a good chance to sign keys. Of course, for one on one meetings, there is no need to go through the entire key signing party procedure. More details at the background material.

What are the Risks? (Why Not?)

There are two risks commonly involved with having a PGP key. The first risk is having the key become known to someone else. The second, more common, risk is that you will lose your own risk. The how to generate below tries to address both of those risks.

Please note that in some countries, a digital signature is every bit as binding as any other signature. In some of those countries, the law does not reference any particular technology for the signature. In those countries, it is important to make sure you take all of the precaution steps described below, or you might find yourself legally liable for things you don't want to be.

Participating in a Party

Generating a Key

Generated keys should not be too short. 2048 bits is, generally speaking, considered to be the shortest reasonable key length accepted today. Unfortunately, this is not the key lengths that gpg will generate by default. This guide will take you through a step by step for generating a new PGP key for yourself.

To generate a new key using gnupg: 

~$ gpg --gen-key
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 4

Earlier versions of gnupg had a slightly different screen, not offering option 1. Users of those versions often generated insecure 1024 bit keys, because options 3 and 4 present themselves as "sign only". We are selecting "4" for the sake of those users. Users who are getting option 1 above can go with that and skip a few steps further on. Under not circumstances should you choose an Elgamal key. Elgamal uses a fixed length 1024 bit key that is already considered not safe today. Beware that if your version of gpg is old enough, that is what the default is going to be. 

Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sat 29 Oct 2011 11:20:12 PM IST
Is this correct? (y/N)

Why 1 year? Because you might lose the key. Here is what most howtos don't tell you about PGP keys - their validity can always be extended, but cannot easily be reduced. Always set a relatively close expiration date for the key, and extend it as necessary, at least until you are sure you are up to the task of keeping the key for a prolonged period of time. 

Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Barack Obama
Email address: bo@whitehouse.gov
Comment: 
You selected this USER-ID:
    "Barack Obama <bo@whitehouse.gov>"

The name you use for the key must be your complete real name. The above, for example, would not be accepted by some signers, as the US president's real name is Barack Hussein Obama. Also, the spelling should be match what your Passport uses. A PGP key cannot use your internet alias, or you won't be able to get it signed. 

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 244 more bytes)
..+++++
.....+++++
gpg: key 1886F9C2 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   4  signed:  48  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: depth: 1  valid:  48  signed:  35  trust: 45-, 0q, 0n, 1m, 2f, 0u
gpg: depth: 2  valid:   1  signed:   3  trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2011-08-05
pub   2048R/1886F9C2 2010-10-29 [expires: 2011-10-29]
      Key fingerprint = 5EAA BA8A A238 5C43 CCD2  23E9 DF0D E0B8 1886 F9C2
uid                  Barack Obama <bo@whitehouse.gov>

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.

If you had an "RSA and RSA" option for the key type, you are done. If not, only a signing key was generated at this point. You will need to also generate an encryption key in order for the key to be fully functional. 

$ gpg --edit-key 1886F9C2
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/1886F9C2  created: 2010-10-29  expires: 2011-10-29  usage: SC  
                     trust: ultimate      validity: ultimate
[ultimate] (1). Barack Obama <bo@whitehouse.gov>

gpg> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "Barack Obama <bo@whitehouse.gov>"
2048-bit RSA key, ID 1886F9C2, created 2010-10-29

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection? 6
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sat 29 Oct 2011 11:46:03 PM IST
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
.........+++++

pub  2048R/1886F9C2  created: 2010-10-29  expires: 2011-10-29  usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/0BDAE741  created: 2010-10-29  expires: 2011-10-29  usage: E   
[ultimate] (1). Barack Obama <bo@whitehouse.gov>

gpg> save

Notice that we limit the validity of the encryption key as well. Also note the extensive use of the numeric identifiers to identify the key.

Last thing we need to do is to generate a revocation certificate and store it in a safe location: 

$ gpg --gen-revoke 1886F9C2

sec  2048R/1886F9C2 2010-10-29 Barack Obama <bo@whitehouse.gov>

Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 1
Enter an optional description; end it with an empty line:
> 
Reason for revocation: Key has been compromised
(No description given)
Is this okay? (y/N) y

You need a passphrase to unlock the secret key for
user: "Barack Obama <bo@whitehouse.gov>"
2048-bit RSA key, ID 1886F9C2, created 2010-10-29

ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: A revocation certificate should follow

iQEfBCABCAAJBQJMy0FoAh0CAAoJEN8N4LgYhvnCg9YIAKLDKnb2dOKs/iRDJoTd
Nxf7/i09b66ZKxoW8Z06cTTqNkDpmBX+tYj+l2bCnpsgsPCwrFkVsfebgRN5GeDz
Fjg71g0DEjj4m5JSqUcwwFHQFqnegu6H2ZNbQYuTol/1f8niUczHCJkPH1TmfFIc
5UV625kgpgAsBipSmlBxR5ERZqw105uLJkMqMBfHdkZ6/D9KUxcNVBIq32N3CKGc
ttqytUORRvVdzksnzEqe8lxTlUR5+JKmBDtoplNnaEDi2P1kO0F50b2PeU5oHG6d
DW1Pexj/CRgue38JO420X0wsX/TO7Zm0XWu1wSNUq6tJa2noJs//h5IXFNp8w2Ha
VsA=
=/5K7
-----END PGP PUBLIC KEY BLOCK-----

This last sequence of characters is the revocation certificate. Read the warnings that GPG is printing. Had the above certificate been real, publishing this revocation certificate would have meant that anyone on the internet could revoke my key. Not good.

Publishing Your Key

Publishing your key for the whole world to see is the best way to make your key known. Of course, as the above example clearly shows, the mere fact that a key says a certain name does not actually mean that is the owner. That is the reason the published key also contains the signatures on that key.

There are several pgp key servers around the internet, the most known of which is, probably, at MIT.

First, you need to export your key: 

$ gpg --export -a "barack obama"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQENBEzLP3ABCADM1EP/EFKOdZ/B94XgmmtFVO97QnTDnGALEuD+fZHRyev0taDz
3yJWRq68QdmchXJv7zaubm2y5Hjdg3t8kDWltYaDJ9L7yywsjRVI4FFl4pwi96ir
CRM0ga1d6LNdLpA2NnRW6FD1zXcWJEimy/Vj+O2MqM0kaUDG/X3OSztgvB6PVg7c
pOkSEUdsLCtU+wV0djvhUWx2CWi7n0BZSAXaNslvU/1m18ufmUCjvv42FM6iRsa0
iAfd/e+XXD4Nf3r09VDREIJ5/8XJAv4NtgKq1wZ/tiRI52xdZSGHw0boquoTcG/2
nV2gYQKPzcYC3/KD0GxeJbuQJ4RSWmWNnz0zABEBAAG0IEJhcmFjayBPYmFtYSA8
Ym9Ad2hpdGVob3VzZS5nb3Y+iQE9BBMBCAAnBQJMyz9wAhsDBQkB4TOABQsJCAcD
BRUKCQgLBRYCAwEAAh4BAheAAAoJEN8N4LgYhvnCiEUH/j1WsJQIbjSA7LZ1VRSs
TznOsd4JRfUtevQtzHtsqVCXTLvruO6J7xHJYewmZovH6nlDgb500E0E3WKgfa25
UWttJIKoUCYeQXPDNXdsNEH+ODIflZZjHiaiavcP7Nbhzqq/iy3kgP9uioKm6RTK
tPDaBFjattTIVAEGTFRBeiwqhofsXYVWOOqzbORdnU0ASUXLL3xRqaNZkrPk8O4b
xbdHIHAixvGYD7eOtbBW41Y4YHsx9zdT/0KbPe6uZZterwdSvAHyGM6RcfE1Y6PV
v4+TUYQloESw5JFiWB2LrJb07y1cV+hwh8uH5/c/Nf1lXayX5hYuSn0mtlOxsmiO
7hm5AQ0ETMtAmwEIAK0Vo7ccrXzC2w+A95HlFtDDnynh0NtjdnAC2Bkk1SV72hZt
ygRk9erTphUOi9v+d/C+vLf5X7GOE5ACTHYrxYpP4KMgBH/z7xUHGOlQ0A61xTC8
F4Gh61KLrn52m1lFl+5w1kyJ7JPYdvRC7v0ubQAE2Yymvzlm1CZciKVNRibHwNKy
c8fTH9aozeOF7bmfhMBFNM8r/xfTiQiflA6THY7DpzWzc8j/363JexHG8c4Mrls5
jd+g+SZOKf5JEPYx84pncP7zoHhhjRK5cSmK/VsXr/moIk1ScDsDaKHEsA8Hak9Z
KAKyzAXSJZp4ONQKvm8VNaApp59oxV6nMZoaEN8AEQEAAYkBJQQYAQgADwUCTMtA
mwIbDAUJAeEzgAAKCRDfDeC4GIb5wlncB/4hmF4Q4Duygu0lWocfr+dChyGcFsGt
mHNn0nseVHJXBfMn0E3zp/MzykNBwxsU7+g3nF/I5lsAIhRPpo9k95f4q3Dn+gh8
8X1BjGCAhclvN4O1O03s8xSY+P4nBTNqy7vOtRaYOBzNqsuJAHHeYgD/f624cBqB
0c4py97nh+V3SIBrV9nPV2UVZYhQOSU3pxZkYiUOE2cLBCTziQDjhFWXSvxpm4Tc
t1NbwJv1OgITl1hkymJbvAhvYzlh3jk6KNrXsqNzW0UTvN7gJTHiWp5agkekRPiG
JAxEcNEdiRoBtmewQDzY9wzW9Nbvc+I5UU9nHE2bX6Vv9jOZVyBD9xGr
=LhaP
-----END PGP PUBLIC KEY BLOCK-----

Copying the text above into the key server will cause it to publish, update or revoke your key. Please don't try to publish the above key, it was deliberately corrupted so that it will not be accepted by the server. The key servers already carry too many phony keys for the American president.

Please note that this step is completely optional, and not required in order to participate in a key signing party.

Also note that it is not necessary to refer to the key by its ID. You can also refer to it by the name on the key.

Sending Your Key to the Party Organizer

When announcing the PGP key party, the organizer will also publish where to send your keys if you decide to participate. If your key is not published by the key servers, it will be necessary to send your entire key (as above) to the party organizer. If your key is published it is enough to send just the key fingerprint (more in a bit), but it is an act of curtsy to send the entire key. The best way to send a key is to save it to a file with the "asc" extension, which stands for "ASCII armored key". 

gpg --export -a barack > /tmp/barack_obama.asc

Whether you are sending the key or not, always also send the key fingerprint: 

$ gpg --fingerprint barack
pub   2048R/1886F9C2 2010-10-29 [expires: 2011-10-29]
      Key fingerprint = 5EAA BA8A A238 5C43 CCD2  23E9 DF0D E0B8 1886 F9C2
uid                  Barack Obama <bo@whitehouse.gov>
sub   2048R/0BDAE741 2010-10-29 [expires: 2011-10-29]

Right Before the Party

What you should bring to the key signing party:

  • Pencil
  • Official photo ID. For internationally held parties, this should really only be a passport.
  • A trusted copy of your key's fingerprint.

What you should not bring to a key signing party:

  • A laptop

Read the background material for an explanation of why that is.

At the Party

The key signing party comprises of two stages. In the first, each participants verifies that all copies of the keys, brought in by the organizer, contain his/her true public key fingerprint. This is done by reading the fingerprint out loud, and each participant verifying that this is, indeed, his key.

The second stage of the party is when each participant checks the photo-ID of each other participant, and makes sure that their name match the one printed on the paper.

After the Party

After the party is done, the organizer will email all participants a keyring file which contains all of the participants' keys. Each participant should sit down with his own piece of paper, on which he verified the identity of all other participants, and sign each key that is verified. The signer can either mail the key to the email address listed on the key, or (less recommended), publish the new key to the key server.

Background Material

This text is, mostly, an introduction. Good resources are:

KeySigningParty (last edited 2010-10-30 10:01:18 by ShacharShemesh)