Key Signing at LCA 2011: 3:45pm on Friday, 28th January 2011

There will be a key signing party at 2011 on the Friday afternoon, from 3:45pm. It requires some advance preparation and is completely optional.

A key signing party is a get-together with PGP users for the purpose of meeting other PGP users and signing keys, thus extending the "web of trust" by a significant degree. It also serves as a forum to discuss cryptography and related issues (time permitting).

Now, After the key signing

With you personal checklist on hand, sign those keys in which you are completely confident. Even if you know what you're doing, please take a moment to read the Validating other keys on your public keyring section of the The GNU Privacy Handbook.

There are several utilities that are useful - I recommend caff(1), part of PGP Tools that's available under Debian (and many derivatives) in the signing-party package.

Mini Howtos

These sections are offered in the hope they prove useful.

Exporting your Public Key

This command will work for many people to export your key so it may be submitted:

$ gpg --export --armor keyid > key.txt

Generating a SHA2 Hash

Here's a example session showing two possible commands to to generate a Secure Hashing Algorithm 2 hash of the party.gpg file with a 512 byte result. Both will produce the same result; however, you may not have both programs installed.

$ openssl dgst -sha512 party.gpg
SHA512(party.gpg)= f156b0aeebf9e562df4859bfd27adc95ea115a6fc75f6778c03f23ec6a345212116c548697d7bb942ce70d8a79e9a9ab93999c8eab88d5ca19ff49557de9e873

$ sha512sum party.gpg
f156b0aeebf9e562df4859bfd27adc95ea115a6fc75f6778c03f23ec6a345212116c548697d7bb942ce70d8a79e9a9ab93999c8eab88d5ca19ff49557de9e873  party.gpg

Checking a GnuPG Detached Signature

Here's a example session showing how to check the detached signature of the party.gpg file:

$ gpg --verify party.gpg.asc party.gpg
gpg: Signature made Thu Dec 30 21:37:06 2010 EST using DSA key ID 2C71D63D
gpg: Good signature from "Mark John Suter <>"
gpg:                 aka "Mark John Suter <>"
gpg:                 aka "Mark John Suter <>"
gpg:                 aka "Mark John Suter <>"
gpg:                 aka "Mark John Suter <>"
gpg:                 aka "Mark John Suter <>"
gpg:                 aka "[jpeg image of size 1485]"

Displaying a Key's Fingerprint

Here's a example session showing how to display the fingerprint of your key:

$ gpg --fingerprint 0x2C71D63D
pub   1024D/2C71D63D 2002-05-30
      Key fingerprint = A330 524C E164 50EA 70BC  2129 458B 28DA 2C71 D63D
uid                  Mark John Suter &lt;;
uid                  Mark John Suter &lt;;
uid                  Mark John Suter &lt;;
uid                  Mark John Suter &lt;;
uid                  Mark John Suter &lt;;
uid                  Mark John Suter &lt;;
uid                  [jpeg image of size 1485]
sub   2048g/54C96D2E 2002-05-30