The Keysigning party at SHA2017 will be a classic Sassaman-Efficient based keysigning party with some SHAdaptions, provided that at least 20 people show up. If not, we'll fall back to exchanging keyslips.
Pre-signups are closed! However, please bring your own keyslip, as we still love to sign your keys. It just won't be that efficient :)
The SHAdaptions mainly consist of:
- Replacing the checksums with a SHA256 one
- Adding badges for easily verifying keys visually, and showing your signing policy
For a complete protocol, please see below at the Protocol section
Additionally, everyone is encouraged to bring keyslips anyway, so people who have not been able to prepare, can sign and have their key signed, but in a less efficient manner.
At a keysigning party, we sign eachothers PGP/GPG keys, to improve the web of trust. Also, please read https://wiki.debian.org/Keysigning
|Name||KeyID (0xlong)||Sent key to firstname.lastname@example.org|
|User:LaKoon|| 0x3280EC393A363153 (RSA)
But I was there too!
|Name||KeyID (0xlong)||E-mail (in case of signing trouble)|
The SHAdapted Sassaman-Efficient protocol goes as follows:
Before The Event
- (DONE) All participants email their public key to the keysigning coordinator, diligently reading e-mails addressed to email@example.com
- (DONE) The coordinator compiles all the submitted keys into an event keyring.
- (DONE) The coordinator generates a text file containing a list of all keys and their fingerprints, and calculates the SHA256 checksum of the list.
- (DONE) The coordinator publishes the text file either by emailing it to all participants or making it accessible on a website along with all the checksums.
You may find the keyring, file and checksums at http://familievogels.nl/sha2017-ksp/ (Unfortunately I have had some issues with getting a sha2017.org website up and running, so that's why I'm publishing this late on a random domainname)
- Participants download the text file and calculate the checksums of the list, and check them against the checksums provided by the coordinator. If the checksums match it shows that the participant has an identical and unmodified copy of the key list.
- Participants print out a hard copy of the key list and check the fingerprint of their own key included in the list is correct.
At The Event
- All participants bring along their own hard copy of the key list which they printed themselves. Participants should only trust the key list they printed themselves from the file with verified checksums. This ensures each participant is working from a list they know has not been tampered with.
- The event organiser reads out the checksums or displays them on a projector for all participants to compare with their own.
- Each participant in turn makes a statement that their fingerprint as included in the list is correct. This can be as simple as saying 'key XXXXX is correct'. There is no need to read the fingerprint aloud: since the lists have been checksummed, the fingerprint that appears on all lists must be the same. Participants put a tick on their copy of the list next to each key that is stated by the owner to be correct, and put a tick in their keysigning-badge.
- Once all participants have stated whether their fingerprint is correct, everyone forms a long line in the same order as their keys appear in the list. The head of the line then folds back on itself and the participants moving back along the line inspect the ID of each participant standing still. The ID requirement is generally 2 forms of government-issued photo ID, but individual participants may enforce their own requirements as appropriate. A second tick is placed next to the list entry for which sufficient ID has been sighted.
- Once all participants have presented their ID, key lists are to be stored away in a safe place by each participant to prevent tampering with the annotated list.
After The Event
- Participants retrieve the public keys of all keysigning participants either by fetching individual keys from public keyservers or by importing an event keyring if one has been created by the event coordinator.
- Participants work through their annotated key list, checking the fingerprint of each key against the printed list and signing keys that match and are ticked for valid ID and the owner stating the fingerprint is correct.
- Participants either upload each public key they sign to a public keyserver, or email it directly to the key owner. Some key owners prefer not to have keys sent to public keyservers so in general it is courteous to email the key directly to the owner.
- Signatures sent to each participant by other participants are imported into their local keyring.