PGP Key Signing
Sessions are going to be during the General Session breaks,
February 5th through 7th.
Location: Sheraton Hall F
Bring Photo ID
Majdi Abbas will run PGP key signing parties at the NANOG 39 meeting in
Toronto. This time we are aiming to meet twice:
- Morning Break (10:15am), Monday (Majdi Abbas)
- Morning Break (10:00am), Tuesday (Majdi Abbas)
- Morning Break (10:30am), Wednesday (Majdi Abbas)
All sessions will be in room Sheraton Hall F. If you feel like coming to all sessions,
then please feel free. If you would prefer to only come to one, there
should be at least one person attending all sessions who is able
to sign keys, so a path to trust keys signed at the other meeting
should exist.
Stickers for Your Name Badge
When you stop by the registration desk, there will
be coloured stickers available for your name tag that indicate
if you have an interest in signing PGP keys. If people keep trying
to peer with you, you've picked up the wrong colour sticker.
You do not have to attend a key
signing party in order to sign keys! If you happen to be sitting
next to someone with a PGP sticker on their badge, exchange keys
and verify fingerprints with them. The more signatures you exchange
with people, the more useful PGP will be to you.
The Day Before
You should get the following three steps
done at least the day before you attend one of the key-signing
parties.
If you plan to attend multiple parties, you only have to follow
these steps once.
- Generate a PGP Public/Private Key Pair. If you don't already have a
public/private PGP key pair, you need to generate one. GnuPG users can
type "gpg --gen-key".
- Extract your PGP Public Key. Again, refer to your PGP software's
documentation for details; you are looking for a public key extracted
in "ASCII-armoured" format. GnuPG users can type
"gpg -a --export your-key-id".
- Add your Public Key to the NANOG 39 Key Ring. Do this by pasting the
ASCII representation of the public key into this convenient form. You
can also view all the other keys that have already been uploaded there.
Attending a Key-Signing Party
You should bring:
- Sufficient photo ID to convince others that you are who you claim to
be (e.g. driver's licence, passport).
- A copy of your PGP public key fingerprint that you generated yourself,
from a known-trusted copy of your key. GnuPG users can type
"gpg --fingerprint your-key-id".
- A pen.
When you arrive:
- Pick up a copy of that day's NANOG 39 keyring printout from the pile.
Locate your own key on the list.
- In turn, each of those attending the party introduces themselves by
name, and indicates which key (or keys) on the list is theirs. They then
read out their key fingerprint from their own trusted copy, and
everybody verifies that this agrees with the fingerprint listed on the
sheet.
- Once everybody has had a chance to read out their key fingerprints,
people can proceed to introduce themselves to people they don't already
know, and allow their identities to be verified (e.g. against photo ID).
The Day After
At some point after the key signing party that you attend,
you should sign the keys whose authenticity you were able to check.
This strengthens the web of trust, and makes PGP more useful for
you as a general-purpose tool.
- Retrieve the NANOG 39 keyring and import it into your own keyring.
GnuPG users can type "gpg --import filename".
- Check the fingerprint on each of the keys that you checked against the
list that you took home from the key signing party. GnuPG users can type
"gpg --fingerprint key-id".
- If the fingerprints match, sign the key.
- E-mail a copy of the signed key back to the key's owner, or
send the key with its new signature to a key server (or both,
or whatever you normally like to do).
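
The fingerprint comparison in the steps above can be scripted once you have typed up the entries you ticked on the printout. This is an added example, not part of the original NANOG page: it reads a saved "gpg --with-colons --fingerprint" listing and a file of the fingerprints you verified in person, and prints only the primary-key fingerprints that appear in both. The function name, file names, sample records and fingerprints are all constructed for illustration.

```shell
#!/bin/sh
# keys_to_sign LISTING CHECKED
#   LISTING: saved output of `gpg --with-colons --fingerprint`
#   CHECKED: fingerprints you verified in person, one per line
# Prints the primary-key fingerprints in LISTING that are also in CHECKED.
keys_to_sign() {
    [ -s "$2" ] || return 1   # an empty checked list means nothing to sign
    awk -F: '
        # First file (CHECKED): drop spacing, fold case, remember each entry.
        FNR == NR { gsub(/[ \t]/, ""); if ($0 != "") ok[toupper($0)] = 1; next }
        # Second file (LISTING): the fpr record directly after a pub record
        # carries the primary key fingerprint in field 10; subkey fpr
        # records are ignored.
        $1 == "pub" { primary = 1; next }
        $1 == "fpr" && primary { primary = 0; f = toupper($10); if (f in ok) print f; next }
        $1 == "sub" { primary = 0 }
    ' "$2" "$1"
}

# Constructed sample data (not real keys).
demo_dir=$(mktemp -d)
cat > "$demo_dir/listing.txt" <<'EOF'
pub:-:1024:17:DDDD3333EEEE4444:1168387200:::-:::scESC:
fpr:::::::::AAAA0000BBBB1111CCCC2222DDDD3333EEEE4444:
uid:-::::1168387200::::Alice Example <alice@example.net>:
sub:-:2048:16:0123456789ABCDEF:1168387200::::::e:
fpr:::::::::FFFF0000FFFF0000FFFF00000123456789ABCDEF:
pub:-:1024:17:8888DDDD9999EEEE:1168473600:::-:::scESC:
fpr:::::::::5555AAAA6666BBBB7777CCCC8888DDDD9999EEEE:
uid:-::::1168473600::::Bob Example <bob@example.net>:
EOF
# The first checked entry matches the keyring copy. The fingerprint noted
# for the second key differs from the keyring copy in its last group, so
# that key is not reported.
cat > "$demo_dir/checked.txt" <<'EOF'
AAAA 0000 BBBB 1111 CCCC  2222 DDDD 3333 EEEE 4444
5555 aaaa 6666 bbbb 7777  cccc 8888 dddd 9999 ffff
EOF

keys_to_sign "$demo_dir/listing.txt" "$demo_dir/checked.txt"
```

A key whose fingerprint is on your checked list but is not reported here has a keyring copy that differs from what was read out, and should be left unsigned.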