Versão em Português
This is the most informal
way of keysiging party, with the advantage of requiring the least or no organization. It poses great scalability problems and only works in really small parties. If you can offer a little bit more involvement, check the Classic Protocol with Rotation
for a solution with better scalability.
- A key pair.
- Two ids with recent photo (or, at least, closest to your look today), at least one of them issued by a governmental entity.
- Several copies of the fingerprint of your public key.
- A pen.
2. Before the Party
You'll need several printed copies of the fingerprint of your public key. Small pieces of paper with the output of the command:
bash$ gpg --fingerprint KeyID
...are, in general, all that's needed.
3. During the Party
Every participant try to exchange the copies of their own fingerprint with every other (or as many as possible). In every exchange, each participant have to check the id of the other one, promising to sign it only if satisfied with it.
4. After the Party
With the pieces of paper given to you by the other participants, you can choose the best way to sign the keys that you have correctly verified. This procedure is beyond the scope of this document (check how to sign automatically using caff
or manually one by one
the cryptographic keys).
What to do with the signed keys?
It's controversial whether you should send the signed keys to a public keyserver or back to its owner, so he/she do whatever he/she likes. It's generally considered Good Practice™ to send it back to its owner. This process can be rather slow and tedious if you've chosen to sign manually each key... Luckily, caff
before mentioned follows this practice, and we recommend its use.
- 25 Apr 2009