ALE GPG Key Signing Party

(ALE Central Meeting for 7:30pm on Thursday, November 19, 2009)  


Gambrell Hall Classroom 1C
Emory University School of Law
1301 Clifton Road
Atlanta, GA 30322

( Maps and Parking Info  here )


Thursday, November 19th, 2009:

7:30pm to 8:00pm  (prompt) --> Brief Introduction to GPG
8:00pm to 9:30pm  (prompt) --> Key Signing Party

We will start the key-signing process promptly at 8:00pm.
If you wish to participate you should prepare in advance
and arrive on time.


The November ALE Central meeting will be a gathering of ALE members,
friends and associates who are interested learning more about the GnuPG
implentation of PGP cryptography and the value of protecting your privacy
and your identity with PGP signatures.  For those who also intend to start
using PGP (GnuPG), the subsequent key signing party serves to confirm the
identity of other PGP Key users by signing each other's keys. This establishes
a "key ring" and helps to extend the "web of trust" to a great degree.

Internationally recognized cryptography and computer security expert
Michael Warfield was set to present the GPG PGP talk and host for the
key signing party, but a badly broken leg will be preventing his physical
attendance.  Instead, Michael will be cosulting behind the scenes to help
Charles Shapiro, Jeremy Bouse and Aaron Ruscetta present the
topic and run the party.

What YOU need as a participant in the
ALE Key Signing party:

Required Items for Parcipation:
  1. Physical presence
  2. Positive picture ID & second supporting form of ID
    (name must align with that used for the public key)
  3. Your PRE generated and PRE submitted Key Info:
    Key ID, Key Size, Key Type & HEX fingerprint
    in hard copy paper form.
  4. A pen or pencil or whatever you'd like to write with.
  5. NO computer  (to maintain privacy & security)

Required Process:
  1. Generate a key*.  Remember your pass phrase!
    To help with this, Charles Shapiro has prepared an excellent GPG Howto page
    with step by step command line directions for using the gpg (gpg2) program to
    generate, store, sign, register and use GPG keys. 
     *RSA/RSA Key pairs are strongly recommended. This is currently the default
    for the most recent releases of GnuPG2, which is available for download and
    installation on most platforms via  (for Mac OSeX see  sourceforge  )
    Other general information about GPG keys and instructions for key generation
    and participating in a signing party can found at the  Keysigning Party Howto  
    page, though some of the described party procedures and processes have been
    slightly modified to suit our ALE event.  General GPG FAQ links are also
    included below.
  2. Perform an EXPORT of your key and email it to the key registry address.
    All participants MUST send their Exported Public Key Text Block to
    Warfield's automated key registry at  
    by Midnight (est) on Wednesday, November 18th.
  3. Michael will provide a list of all party participants with their Key info
    (User ID, Type, Size and Fingerprint) and distribute copies of the printout
    at the meeting.  Participants will mark their sheets as individual ID's and
    Key Fingerprints are confirmed. (Michael will also establish or designate
    a Key Ring Server for the final, post party step of the Key Signing Process).
  4. Participants attend the party and bring along a paper copy of their Key info.
    You must also bring along a suitable form of photo ID and a secondary supporting
    form of ID.  Participants will make two marks on their copy of the key ring listing,
    one for confirmation of correct Key Info (User ID, Type, Size, & Fingerprint)
    and one for confirmation of the personal photo ID.
  5. At the meeting each key owner reads his Key info (User ID, Type, Size, &
    Fingerprint) from their own paper hard copy (NOT from the distributed listing!).
    This is because there could be an error, intended or not, on the listing. This is also
    the time to tell which ID's to sign or not. If the key information matches a
    participant's distributed Key list,  they place a check-mark by that Key information.
  6. After all participants have read their key ID information, they form a line.
    The first person walks down the line having every person check his ID.
    The second person follows immediately behind the first person and so on.
    If you are satisfied that the person is who they say they are, and that the Key
    User ID on the printout is theirs, you place another check-mark next to their
    Key information on your printout.
  7. Once the first person cycles back around to the front of the line, they will have
    checked all the other IDs and their ID will have been checked by all others.
  8. After everyone has identified themselves, the formal part of the meeting is over.
    Participants are free to travel to Melton's App and Tap to further discuss matters
    of PGP and Linux together.  If everyone is punctual the formal part of the evening
    should take less than an hour.
  9. After attending the party and confirming the key and ID information on your copy
    of the list of participants, each participant must independently log into the Key Server
    (that will have been designated by Michael at the party) and sign all of the keys on
    your hard copy list that you have "double checked" and confirmed. Keys on your
    list can only be signed if they have two check-marks!
  10. Send the signed keys back to the keyservers.
  11. Use those keys as often as possible.

Why shouldn't I bring a computer?

There are a variety of reasons, why you don't want to do this. The short answer is it would
be insecure, unsafe, and of no benefit.  For those not convinced, here are some reasons why
t is insecure, unsafe, and of no benefit.

Other questions about signing keys?

You may want to read the Keysigning Party Howto which includes an
explanation of the concepts behind keysigning, instructions for hosting
a keysigning party, instructions for participating in a keysinging party,
and step by step instructions for signing other's keys.

If you're looking for quick answers you may want to look to the
questions and answers below, which all come from the PGP FAQ.
It also has a lot of other good information.

Other useful PGP links

A few more links for PGP newbies, or those who wish to re acquaint themselves.

What if I still have a question?

If, after reading the resources provided above, you need help with other questions,
you can (sign up for and) post your inquiries to the many informed IT professionals
of the ALE@ALE.ORG mailing list.   Please include "GPG", "PGP" or "Key
Signing Party" in the Subject line.