As part of the DNS-OARC 24 and IETF 95 Conference in Buenos Aires, Argentina there will be OpenPGP (pgp/gpg) keysignings.
Ondřej Surý will announce the time and venue of a discussion/information session about the keysigning during DNS-OARC 24 (and IETF) in particular and modern cryptography in general. It will be followed by a number of keysignings of small groups of people.
A keysigning party or meeting is a get-together of at least two individuals who use the PGP encryption system with the purpose of allowing them to sign each others keys. Keysigning parties serve to extend the web of trust (WoT) to a great degree. A useful metric of the WoT is the mean shortest distance (MSD) of a key.
Please read chapters one and two of the GnuPG Keysigning Party HOWTO (note: we are doing the party differently, so the other chapters do not apply completely).
IMPORTANT: The keysigning party aims to verify that the person matches the key, so it doesn't make sense to validate various organizational keys. Thereby I am going to reject any non-personal keys (f.e. something like "DNS-OARC Key").
We should be moving to GPG keys with stronger ones using SHA256 or better. Please read f.e.:
The process to create a new key is documented at http://keyring.debian.org/creating-key.html.
If you plan to migrate your WoT, you should read "HOWTO prep for migration off of SHA-1 in OpenPGP" at https://www.debian-administration.org/users/dkg/weblog/48 by dkg.
You are also welcome to submit a second key using Ed25519 algorithm, read f.e.: http://www.gniibe.org/memo/software/gpg/keygen-25519.html
You will need at least GnuPG version 2.1.0 to have Ed25519 support, and it's often found as gpg2 command on various Linux distributions. You can check your GnuPG version using
$ gpg2 --version gpg (GnuPG) 2.1.11 libgcrypt 1.6.5 Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 $ gpg1 --version gpg (GnuPG) 1.4.20 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2
Please read the document "OpenPGP Best Practices" by dkg which is available at https://help.riseup.net/en/security/message-security/openpgp/best-practices. Its OpenPGP key checks have been implemented by Clint Adams (clint) in the Debian package hopenpgp-tools and dkg's recommended settings has been put together in a gpg.conf file by Jacob Appelbaum (error). Please check your key with clint's hokey lint command and use error's gpg.conf file as explained in dkg's document.
The keysignings will be based on the Efficient Group Key Signing Method by Len Sassaman and Phil Zimmermann which is a protocol to do keysignings in a way that is faster than the way many people may be familiar with.
The keysigning steps follow.
Please note that having multiple keys isn't a requirement. If you have one key to be signed, adjust the examples below from two keys to just one key.
Revoke all non-reacheable or no longer valid uids.
Update GnuPG to use SHA2 in preference to SHA1. Use error's gpg.conf file (see above) or read the information under "Update ~/.gnupg/gpg.conf" at http://keyring.debian.org/creating-key.html. Don't forget to update ~/.caff/gnupghome/gpg.conf as well, if you use caff for signing keys, otherwise your signatures will be SHA1.
Cross sign your keys and upload them to a key server, if you haven't done so yet.
Example with two keys 0xfedcba98 and 0x76543210 and uploading to a key server:
gpg --local-user 0xfedcba98 --edit 0x76543210 sign gpg --local-user 0x76543210 --edit 0xfedcba98 sign gpg --keyserver keys.gnupg.net --send-keys 0xfedcba98 0x76543210
Send your ascii armored, cleaned, minimized and clear-signed public keys to email@example.com no later than 23:59 UTC/GMT/Zulu on Sunday 29th of March, 2016. Multiple cross-signed keys per armor are just fine. The signatures will prove the owner of the keys controls the private keys.
Example with two keys 0xfedcba98 and 0x76543210, signature is made with both keys 0xfedcba98 and 0x76543210:
gpg --armor --export-options export-clean,export-minimal --export 0xfedcba98 0x76543210 > publickeyblock
Then clear-sign publickeyblock with your keys 0xfedcba98 and 0x76543210 creating publickeyblock.asc:
gpg --local-user 0xfedcba98 --clearsign --local-user 0x76543210 --clearsign publickeyblock
Then email publickeyblock.asc as so:
mail -s "KeySigning Party @ DNS-OARC" firstname.lastname@example.org < publickeyblock.asc
Same example as a one-liner:
gpg --armor --export-options export-clean,export-minimal --export 0xfedcba98 0x76543210 | gpg --local-user 0xfedcba98 --clearsign --local-user 0x76543210 --clearsign | mail -s "KeySigning Party in Buenos Aires" email@example.com
(echo -e "To: firstname.lastname@example.org\nFrom: Your Full Name <email@example.com>\nBcc: firstname.lastname@example.org\nSubject: KeySigning Party in Buenos Aires\n"; gpg --armor --export-options export-clean,export-minimal --export 0xfedcba98 0x76543210 | gpg --local-user 0xfedcba98 --clearsign --local-user 0x76543210 --clearsign) | sendmail -t
Another one-liner (by Philip Hands):
( KEYS="0xfedcba98 0x76543210" ; \ gpg --armor --export-options export-clean,export-minimal --export $KEYS | \ gpg $(for k in $KEYS; do echo "--local-user $k --clearsign"; done) | \ mail -s "KeySigning Party in Buenos Aires" email@example.com \ )
Your keys will be processed manually and if the submitted keys are valid, an email will be sent back to you and the key IDs will be listed at https://github.com/oerdnj/dns-oarc-keysigning/tree/master. If you find an error write immediately to firstname.lastname@example.org.
On Wednesday 31. March, 2015 you will be able to fetch the complete keyring (ksp-ba.gpg.bz2) with all the keys that were submitted along with a text file (ksp-ba.txt) giving the fingerprint of each key on the ring.
At https://github.com/oerdnj/dns-oarc-keysigning/tree/master both the keyring and text files will have corresponding files with their SHA256 checksums. The SHA256 files will be signed with public key 0x0C99B70EF4FCBB07, which can be downloaded from keyring.debian.org or other public keyservers.
To verify the signature of the SHA256 files, download ondrej's key from db.debian.org, e.g.:
finger email@example.com | gpg --import
And then run gpg with the verify option (using ksp-dc15.txt.sha256.asc as an example):
gpg --verify ksp-ba.txt.sha256.asc
Verify that the fingerprints of your keys in ksp-dc15.txt are correct. Also compute the SHA256 hash of ksp-ba.txt. One way to do this is with sha256sum invoked as follows:
Bring the hash you computed and a hardcopy of ksp-ba.txt to Buenos Aires.
The SHA256 hash of ksp-ba.txt will be announced during the discussion/information session. Verify that the hashes match what you computed. This guarantees that all participants are working from the same list of keys.
During DNS-OARC 24 and IETF 95, look for keysigning participants during the conference.
For each participant:
Later that evening, or perhaps when you get home, you can sign the keys in ksp-ba.txt which you were able to verify and identify.
Please use caff to sign keys, one of the scripts of pgp-tools. The scripts are also available as the debian package signing-party.
What to bring with you
If you have questions please send them to firstname.lastname@example.org.
Special thanks goes to Benjamin Mako Hill who provided the scripts and text used at DebConf4, Peter Palfrader who provided the scripts and text used at DebConf3 and LinuxTag (2003 and 2004) whose reuse made putting together this keysigning easy and possible, and Daniel Kahn Gillmor and Anibal Monsalve Salazar for doing this at DebConf15.