Note: This page is for planning a keysigning party hosted by LUG@UCLA.
A keysigning party is an event for helping people verify each other's PGP keys and strengthening the web of trust.
- take control of your privacy
- meet other interesting members of the privacy-aware community
- learn about cryptography technologies widely used in industry
- eat pizza
LUG@UCLA's keysigning party uses a slightly modified version of the Sassaman-Efficient method.
- Where: Boelter Hall 4760
- When: TBA
- generate your PGP keypair if you haven't already:
$ gpg --gen-key
WARNING: make sure you understand the implications of holding a private key, e.g. do not generate it on a computer that you do not own and fully control.
- sync your public key with the keyservers:
$ gpg --send-keys <your key ID>
WARNING: this is irreversible. Make sure you are prepared to protect your private key and you are using a very strong passphrase.
- figure out your key fingerprint and RSVP:
$ gpg --fingerprint <your name or key ID>
- go to RSVP page: https://linux.ucla.edu/keysigning/
- 24 hours before the party, we will make available the final keylist and keylist checksum which you should download:
$ wget https://linux.ucla.edu/keysigning/keylists/keylist.txt
$ wget https://linux.ucla.edu/keysigning/keyrings/keylist.txt.sha1
- make sure your key ID is on the list next to your name
- locally verify the checksum:
$ sha1sum --check keylist.txt.sha1
- append the checksum to the bottom of keylist.txt:
$ cat keylist.txt.sha1 >>keylist.txt
- print keylist.txt and keep it safe
III. The Party
- bring the following:
- printed copy of keylist.txt
- one or more forms of ID (e.g. driver's license + Bruin card)
- make sure the keylist.txt checksum at the bottom of your printout matches the checksum projected onto the wall
- we iterate through the list of keys, and each participant will make a statement that their fingerprint is correct. Put a check next to each person that has stated that their fingerprint is correct.
- we break formation. Go to each person on your list and verify their identity, adding a second check next to their name.
- don't forget to eat pizza!
IV. After the Party
- retrieve your annotated keylist printout
- for every person on the list with two check marks, import that person's key into your local keyring:
$ gpg --search-keys <their key ID>
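A key fetched from a keyserver by key ID is only the right key if its full fingerprint equals the one on your annotated printout. The helper below is an added example, not part of the original page or LUG@UCLA's tooling; it assumes the printout carries each participant's full fingerprint, and the function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an imported key's primary fingerprint with the
# fingerprint on the printed keylist. Real use (assumed workflow):
#   gpg --with-colons --fingerprint <their key ID> | fpr_matches "<printed fingerprint>"

# Constructed sample of gpg's colon-delimited listing; all values are made up.
SAMPLE_LISTING='pub:-:4096:1:1111222233334444:1300000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1300000000::0000::Constructed Example <example@example.invalid>:
sub:-:4096:1:5555666677778888:1300000000::::::e:
fpr:::::::::0000999988887777666655554444333322221111:'

# Strip spaces and colons and uppercase the hex digits, so the grouped
# form printed by gpg and the compact form compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key fingerprint: field 10 of the first "fpr" record
# that follows the "pub" record. Subkey fingerprints are ignored.
primary_fpr() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { print $10; exit }
    '
}

# fpr_matches "<fingerprint from printout>"   (colon listing on stdin)
# Returns 0 on an exact match, 1 on mismatch, 2 if the listing has no
# usable primary fingerprint. A short key ID never matches.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$(primary_fpr)")
    case "$actual" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "$expected" = "$actual" ]
}

# Stand-alone demonstration on the constructed listing.
if printf '%s\n' "$SAMPLE_LISTING" |
        fpr_matches "AAAA BBBB CCCC DDDD EEEE FFFF 1111 2222 3333 4444"; then
    echo "fingerprint matches printout"
fi
```

If the function returns non-zero, the key in your keyring is not the one you checked at the party.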
Q: How do I install GnuPG (gpg)?
A: Most open source operating systems will include GnuPG by default. If GnuPG is not installed, and isn't provided by your operating system vendor, you should seriously consider switching to a better operating system. Come to LUG during Tutoring hours or attend our next Installfest.
Q: Can't I just generate my PGP keypair on SEASNet lnxsrv?
A: NO! You must protect your private key. Generate it on your personal computer running an open source operating system. VMs don't count.