BoF Key Signing Party

Overview

Our usual BoF Key signing party is returning again this year, thanks again to the help of our gracious volunteers. It will be held from 7 – 9pm Friday, October 7th in Union Room A. Like any amazing party, attendees will need to do some 1) preparation before the party, some 2) participation during the party, and some 3) post-event follow-up after the party.

Before the Key Signing Party

• install GnuPG (or other PGP workalike software)
• generate a key pair, if you have not already
• extract your public key and send it to the meeting organizer (rmt AT casita DOT net) with subject ‘OLF PGP key’
• extract your “fingerprint” and print a copy

During the Key Signing Party

• bring your printed fingerprint
• bring additional paper and a pen or pencil
• bring a valid government issued photo ID
• fingerprints will be read (orally)
• photo IDs will be checked (visually)

You do NOT need to bring a laptop or tablet or other device during the meeting. The meeting itself is about face-to-face verification.

After the Key Signing Party

• import the bundle of public keys (collected by the organizer)
• sign each participant’s public key
• send each participant’s signed key back to them OR. . .
• . . . upload signed keys to a reputable public key server

Beginner Instructions

Installing GnuPG on Linux

Depending on your Linux flavor, issue one of the commands below using root account/privileges:

Arch (pacman)

pacman -S gnupg

Debian (apt-get/aptitude)

apt-get install gnupg

RedHat, Fedora, CentOS, Azure Duck (yum)

yum install gnupg

Ubuntu / Mint (apt-get/aptitude)

sudo apt-get install gnupg

SUSE and OpenSUSE (zypper)

zypper install gnupg

Generate a key pair

• As your normal user, issue the command (and all others):

gpg --key-gen

• When prompted, select RSA at 4096 bits.
• Leave the “comment” blank, but enter your name and email address.
• You can have multiple email addresses on your key. Your key will be referenced either by the key ID (a hexadecimal string) or by your email address.

NOTE: remember your passphrase but do not share it with anyone
NOTE: protect your secret key (private key) and do not share it or upload it

Extract your public key (and e-mail it to the organizer)

gpg --armor --export you@yourdomain.tld > pubkeyfile.asc

Then send the file pubkeyfile.asc to the organizer (rmt AT casita DOT net). Include “OLF PGP key” in the subject of your message when sending so it doesn’t get buried under other email. The file can be sent as an attachment or can be embedded into the e-mail.

Extract your key fingerprint (and print it)

Run the following command as your user:

gpg --fingerprint you@yourdomain.tld > fingerprint.txt

Remember to print your fingerprint.txt file and bring it with you to the meeting.

Further Information

• A longer Google doc from the organizers about the key signing (work in progress)
• The slides for this year’s key signing (once available)