| 
 |---- Homepage
 |---- Location
 |---- Program
 |---- Abstracts
 |---- Fees
 |---- Registration
 |---- Accomodation
 |---- BOFs
 |---- Clustering Workshop
 |---- Key signing party
 |---- Exhibition
 | 
German Ministry of education and research
German UNIX User Group
UNIX User Group - The Netherlands
University of Twente
X/OS
AT Consultancy bv
iX
O'Reilly-Verlag
LinuxEnterprise
Mind Linux Solutions
SuSE Linux AG
Linux AG
8th International Linux-Kongress · Nov 28-30 2001 · Enschede/The Netherlands
Key Signing Party
We will be holding a PGP Key signing party at GNU/Linux Kongress 2001. We have been scheduled to meet at 18:00 on Thursday, November 29, 2000. The procedure we will use is the following.

  • People who wish to participate should email an ASCII extract of their PGP public key to <keys@linux-kongress.org> by Wednesday, November 21, 2001.

    Please include a subject line of "LK 2001 PGP KEY", and please do not sign or encrypt your email.

    The method of generating the ASCII extract is: 

        gpg --export -a my_email_address > mykey.asc (gpg)
    pgp -kxa my_email_address mykey.asc             (pgp 2.6.2)
  • By Friday, November 23, you will be able to fetch both the complete keyring with all the keys that were submitted along with a text file giving the fingerprint of each key on the ring. These files are here:
         http://www.linux-kongress.org/keys/lk2001.gpg
     http://www.linux-kongress.org/keys/lk2001.txt
    Take care to use a binary download mode or get the files as a tarball: 
        http://www.linux-kongress.org/keys/lk2001.tar.gz
  • At home, verify that the fingerprint of your key in lk2001.txt is correct. Also compute the MD5 hash of lk2001.txt. One way to do this is with md5sum invoked as follows: 

        % md5sum lk2001.txt
    Just to be sure that you have no problems with the download, here is the MD5 hash as we have calculated it: 
        MD5 = EC 51 8E F6 93 5F 68 D1  12 3C 66 B2 0A 79 06 C9
    Note, that this is just a hint - you must do the check yourself.

  • At the conference, come with the hash you computed, a hardcopy of lk2001.txt an identity card and a pencil.
  • A reader at the front of the room will recite the MD5 hashes of lk2001.txt. Verify that the hash recited matches what you computed. This guarantees that all participants are working from the same list of keys.
  • In turn, each participant will stand and acknowledge that the fingerprint of his or her key listed is correct. Mark the key verified on your hardcopy.
  • Later that evening, or perhaps when you get home, you can sign the keys corresponding to the fingerprints which you were able to verify on the hardcopy; note that it is advisable that you only sign keys of people when you have personal knowledge that the person who stood up during the reading of his/her fingerprint really is the person which he/she claimed to be.
  • Submit the keys you have signed to the PGP keyservers. A good one to use is the one of SurfNet simply send mail containing the ascii armored version of your PGP public key to <pgp-public-keys@keys.nl.pgp.net>.

Note that you don't have to have a laptop with you; if you don't have any locally trusted computing resources during the key signing party, you can make notes on the hardcopy, and then take the hardcopy home and sign the keys later.

Martin Schulte Last recently updated at Wednesday, 2003-12-24 12:00:00 CET