Recent changes

Home ›› Latest News

Key Signing Party

Article translations :

What’s a Key Signing Party :

In cryptography, a key signing party is an event where people share their PGP keys. It’s an In-Real-Life meeting. Trusting the fact the key belongs to its so-said owner, participants digitally sign the certificate with the public key, the person name, and so on.

Principle :

For the key signing party (KSP) we’ll use the method "Sassaman-Projected" :

Before the event :

  1. Every participants must have an account on registration interface, with their GPG/PGP keys fingerprints in their personal informations.
  2. Each hour, the event "keychain" is updated and produce a text file with the keys list such as their fingerprints. MD5 and SHA1 checksums are avalaible in this file.
  3. This file will be downloadable on the website and will be no more updated after June 24th.
  4. Participants must print this file and calculate MD5 and SHA1 checksums and check if they fit to ones on the website. If they match, this means that the file is like the one available on the website.
  5. Participants print the file and write calculated checksums in the correct field on the document.
  6. Each participants check if his/her fingerprint is correct.

During the event :

  1. Every participants bring the printed document with him/her. They’ll have to trust only a document they printed themselves and checked for checksums.
  2. Event chaiman will display keys fingerprints on a videoprojector and allow everyone to compare them with their document ones.
  3. Turn by turn, each participant will aggro the videoprojector area with an identity card, that will be projected to all so everyone could examinate it.
  4. While his/her turn, every participant informs (aloud) assembly that his/her fingerprint is correct.
  5. Others participants mark in their list, the identity card validity such as the fact the examinated key fingerprint is validated by his/her owner.
  6. Once the KSP finished, every participant must store his/her list in a safe place, to avoid a forgery.

After the event :

  1. Participants get back public keys of everyone present, either from public keys servers or importing the event "keychain", uploaded by the chairman.
  2. Participants reference their list, checking that every key fingerprint fit, and for these ones, that every identity validation is made.
  3. Once checkups are accomplished, they can sign th key and either export the signed key on a public server or mail it to the key owner. Some prefers not have their key on public servers, so keys are often mailed.
  4. Sent signatures, mailed to each participant by others will be imported in their own "keychain".

Nota Bene :

"Keychain" update will stop the 24th of June, at midnight. Don’t print the keys list before the 25th.

If your key doesn’t appear on the list, this means either it isn’t available on a keys public server, or it wasn’t well registered. Therefore, be sure to have correctly exported and registered your public key. If you don’t wanna export your key on a keys public server, mail to chairman, who will add it to the "keychain".

Key Signing Party is planned to friday, July 4th, between 12h45 and 01h45 PM

Keys list downloading page, here