This is the procedure for the key signing party at NordNOG 2, and more
specifically, what you need to do before you arrive.
(Instructions are for GnuPG, because that is what I know. You will
have to find out how to perform this yourself in other PGP systems.
1. Submit your key to a key-server. For this particular exercise, I
reccommend "pgp.mit.edu". If you for whatever reason use another
keyserver, be sure to tell me which in the mail you send me.
"gpg --keyserver pgp.mit.edu --send-keys DEADBEEF"
will do this if you run GnuPG and have the key ID DEADBEEF (latter
2. Prepare an email to "[log in to unmask]" (NOT the Nordnog list!) with
subject "PGP Party" and contents:
* email and name associated with the key.
* Key hexadecimal ID
* Key fingerprint
* any sub id's.
The command "gpg --fingerprint [log in to unmask]" will get
this info for you. (if your userid is [log in to unmask] Alter
Documents on the Web tell me that "pgp -kvc [log in to unmask]"
will do that for PGP, but YMMV. Any NordNoggers more versed in PGP ops
might want to chime in.
3. Also, print this data on paper. Or, bring the key on your own laptop.
Anything you trust, basically.
4. Bring yourself, said paper, a pen, and photo ID to the key party.
I will compile a list of received keys and print their ID / fingerprints on
a handout for the party. Keys received up to 1700 MET Wednesday 2002-02-12
will be included.
5. At the party we will do like this:
(stolen from the party FAQ,
# Each key owner reads his key ID, key type, fingerprint, key size, and
user ID from his own printout, not from the distributed listing. This is
because there could be an error, intended or not, on the listing. This is
also the time to tell which ID's to sign or not. If the key information
matches your printout then place a check-mark by the key.
# After everyone has read their key ID information, have all attendees form
# The first person walks down the line having every person check his ID.
# The second person follows immediately behind the first person and so on.
# If you are satisfied that the person is who they say they are, and that
the key on the printout is theirs, you place another check-mark next to
their key on your printout.
# Once the first person cycles back around to the front of the line he has
checked all the other IDs and his ID has been checked by all others.
# After everybody has identified himself or herself the formal part of the
meeting is over. You are free to leave or to stay and discuss matters of
PGP and privacy (or anything else) with fellow PGP users. If everyone is
punctual the formal part of the evening should take less than an hour.
# After confirming that the key information on the key server matches the
printout that you have checked, sign the appropriate keys. Keys can only be
signed if they have two check-marks.
# Send the signed keys back to the keyservers.
# Use those keys as often as possible.
Sending and signing keys:
gpg --sign-key [log in to unmask]
signs a key with the default private key.
gpg --keyserver pgp.mit.edu --send-keys [log in to unmask] [log in to unmask]
sends the keys for luser and sysop to the keyserver at MIT. There is no use
sending unsigned keys.
The aforementioned FAQ, <http://www.cryptnet.net/fdp/crypto/gpg-party.html>
does tell about this much better than can I. Consult it if you have further
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC MN1334-RIPE
We're sysadmins. To us, data is a protocol-overhead.