
PGP Key Signing
Sessions are going to be during morning breaks on Monday, Tuesday and Wednesday.
Location: Garden Room
Bring Photo ID
Joel Jaeggli will run PGP key signing parties at the NANOG42 meeting in San Jose. PGP key signing parties happen between 11:30 AM and
12 PM on Monday and Tuesday and between 10:30 AM and 11:00 AM on Wednesday.
All sessions will be in the Garden Room. If you feel like
coming to more than one session, then please feel free. If you would prefer to
come to only one, there should be at least one person attending all sessions
who is able to sign keys, so a path of trust to keys signed at the other sessions
should exist.
Stickers for Your Name Badge
When you stop by the registration desk, there will be coloured
stickers available for your name tag that indicate if
you have an interest in signing PGP keys. If people keep trying to peer with
you, you've picked up the wrong colour sticker.
You do not have to attend a
key signing party in order to sign keys! If you happen to be sitting
next to someone with a PGP sticker on their badge, exchange keys and verify
fingerprints with them. The more signatures you exchange with people, the more
useful PGP will be to you.
The Day Before
You should get the following three steps done at least the day before you
attend one of the key-signing parties. If you plan to attend multiple parties, you
only have to follow these steps once.
- Generate a PGP Public/Private Key Pair. If you don't already have a
public/private PGP key pair, you need to generate one. GnuPG
users can type "gpg --gen-key".
- Extract your PGP Public Key. Again, refer to your PGP software's
documentation for details; you are looking for a public key extracted in
"ASCII-armoured" format. GnuPG users can type "gpg -a --export your-key-id".
- Add your Public Key to the NANOG42 Key Ring. Do this by pasting the
ASCII representation of the public key into this convenient form.
You can also view all the other keys that have already been uploaded there.
Attending a Key-Signing Party
You should bring:
- Sufficient photo ID to convince others that you are who you claim to be (e.g.
driver's licence, passport).
- A copy of your PGP public key fingerprint that you generated
yourself, from a known-trusted copy of your key. GnuPG
users can type "gpg --fingerprint your-key-id".
- A pen.
When you arrive:
- Pick up a copy of that day's NANOG42 keyring
printout from the pile. Locate your own key on the list.
- In turn, each person attending the party introduces themselves by name and
indicates which key (or keys) on the list is theirs. They then read
out their key fingerprint from their own trusted copy, and
everybody verifies that this agrees with the fingerprint listed on the
sheet.
- Once everybody has had a
chance to read out their key fingerprints, people can proceed to introduce
themselves to people they don't already know, and allow
their identities to be verified (e.g. against photo id).
The Day After
At some point after the key signing party that you attend, you should sign
the keys whose authenticity you were able to check. This strengthens the web of
trust, and makes PGP more useful for you as a general-purpose tool.
- Retrieve the NANOG42 keyring and import it into your own keyring. GnuPG users can
type "gpg --import filename".
- For each key that you verified at the party, check its fingerprint
against the list that you took home from the
key signing party. GnuPG users can type "gpg --fingerprint key-id".
- If the fingerprints match, sign
the key.
- E-mail a copy of the signed
key back to the key's owner, or send the key with its new signature to a
key server (or both, or whatever you normally like to do).
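
The Day After steps as a script, added here as an example (not NANOG's or the organiser's own tooling): it compares the primary-key fingerprints in your keyring with the ones you verified in person and signs only the matches. The function names, the one-fingerprint-per-line list format and every sample fingerprint are assumptions constructed for illustration; fingerprints are assumed to be 40 hex digits (v4 keys).

```sh
# Added example; every fingerprint and key record below is constructed.
# Strip whitespace, upper-case, keep only well-formed 40-hex (v4) fingerprints.
normalise() { tr -d ' \t\r' | tr 'a-f' 'A-F' | grep -E '^[0-9A-F]{40}$' || true; }

# stdin: `gpg --with-colons --fingerprint` output. Prints primary-key
# fingerprints only; an fpr record that follows a sub record is a subkey.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# $1: colon listing, $2: fingerprints you verified in person, one per line.
# Prints "SIGN <fpr>" or "SKIP <fpr>" for every primary key in the listing.
classify() {
    verified=$(normalise < "$2")
    primary_fprs < "$1" | normalise | while read -r fpr; do
        if printf '%s\n' "$verified" | grep -qxF "$fpr"
        then echo "SIGN $fpr"; else echo "SKIP $fpr"; fi
    done
}

# Real use: $1 = keyring file from the party, $2 = your verified list.
sign_verified() {
    tmp=$(mktemp) || return 1
    gpg --import "$1" && gpg --with-colons --fingerprint > "$tmp" || return 1
    for fpr in $(classify "$tmp" "$2" | sed -n 's/^SIGN //p'); do
        gpg --sign-key "$fpr"    # gpg still asks you to confirm each signature
    done
    rm -f "$tmp"
}

# Offline demo: Alice's fingerprint was verified, Bob's was not.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/listing" <<'EOF'
pub:-:2048:1:89ABCDEF01234567:1199145600:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1199145600::::Alice Example <alice@example.net>:
sub:-:2048:1:8888999900000000:1199145600::::::e:
fpr:::::::::1111222233334444555566667777888899990000:
pub:-:2048:1:76543210FEDCBA98:1199145600:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:-::::1199145600::::Bob Example <bob@example.net>:
EOF
    printf '0123 4567 89ab cdef 0123  4567 89ab cdef 0123 4567\n' > "$dir/sheet"
    classify "$dir/listing" "$dir/sheet"
    rm -rf "$dir"
}
```

Run `demo` to see the classification without touching a real keyring; `sign_verified keyring.asc verified.txt` performs the import and signing against your own GnuPG keyring.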