GPG Keysigning at FUDConF11

As in past years, I’ll run a GPG Keysigning session at FUDConF11 in Cambridge, MA on Saturday, January 10.

Meet Fedora people face-to-face. Taunt each other over their passport/driver’s license photos. Add yourself to the Web of Trust or increase your ranking.

To Participate

Pre-registration is preferred. I’ll try to accommodate people who don’t follow the procedure below and still want to participate on the day of the event, but that may be difficult.

  • Mandatory: Create a GPG keypair for yourself (if you haven’t already)
  • Optional: add your user@fedoraproject.org uid to your keypair
  • Mandatory: Send your key to the subkeys.pgp.net keyserver before the event. Your KEYID is the part following 1024D/ in the output of:

gpg --list-secret-keys | grep ^sec

For me, this is 92F0FC09. Yours will be different.

Then send your key to the keyserver with:

gpg --keyserver subkeys.pgp.net --send-keys KEYID

and send me your key fingerprint with:

gpg --fingerprint KEYID | mail -s "<your-fedora-username> key" fudcon-keys@domsch.com

Right Before FUDCon

  • Mandatory: If you pre-register for the keysigning, print out your key fingerprint once and bring it. If you don’t pre-register, print out your key fingerprint 20-50 times, and bring it with you. You’ll hand one of these out to each other person at the keysigning, so bring enough. The program ‘gpg-key2ps’ in the pgp-tools RPM can do this for you quite nicely.
  • Mandatory: Run md5sum and sha1sum on the fudcon-keysigning-fingerprints.txt file (to be generated shortly before the event – you’ll get an email notification), print out the results, and bring them to the meeting. They should match the corresponding files on the web site.
  • Mandatory: Bring a government-issued picture ID of yourself

Note: this means you will have at least 2 pieces of paper (your key fingerprint and the sha1sum and md5sum results) that you bring.

At the Keysigning

For those who pre-registered, you can find the keyring, the fingerprint file we’ll use, and the md5sum and sha1sum hashes of the fingerprint file, all at http://domsch.com/linux/fedora/fudconf11/. We will read these values out so that everyone can confirm they all match.
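
The check described above, as an added shell example that is not part of the original post: it computes both digests of the fingerprint file and succeeds only if each one equals the value you were given. The function names and argument order are assumptions, and the demo at the end runs on a constructed file.

```shell
#!/bin/sh
# Added example: check a keysigning fingerprint list against the MD5 and SHA-1
# values published for it. Function names and arguments are assumptions.

# Lowercase a hex digest and drop whitespace so a value typed from a printout
# compares equal to md5sum/sha1sum output.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
}

# verify_fingerprint_file FILE EXPECTED_MD5 EXPECTED_SHA1
# Returns 0 only when BOTH digests match, 1 on any mismatch, 2 if unreadable.
verify_fingerprint_file() {
    vf_file=$1
    vf_want_md5=$(normalize_hex "$2")
    vf_want_sha1=$(normalize_hex "$3")
    [ -r "$vf_file" ] || { echo "cannot read $vf_file" >&2; return 2; }

    # The digest is the first field of md5sum/sha1sum output.
    vf_got_md5=$(md5sum "$vf_file" | awk '{print $1}')
    vf_got_sha1=$(sha1sum "$vf_file" | awk '{print $1}')

    vf_rc=0
    if [ "$vf_got_md5" != "$vf_want_md5" ]; then
        echo "MD5 mismatch: got $vf_got_md5" >&2
        vf_rc=1
    fi
    if [ "$vf_got_sha1" != "$vf_want_sha1" ]; then
        echo "SHA1 mismatch: got $vf_got_sha1" >&2
        vf_rc=1
    fi
    [ "$vf_rc" -eq 0 ] && echo "OK: $vf_file matches both published digests"
    return "$vf_rc"
}

# Demo on a constructed file (not the real FUDCon fingerprint list).
demo=$(mktemp)
printf 'constructed sample fingerprint list\n' > "$demo"
verify_fingerprint_file "$demo" \
    "$(md5sum "$demo" | awk '{print $1}')" \
    "$(sha1sum "$demo" | awk '{print $1}')"
rm -f "$demo"
```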

After the Keysigning

Following the keysigning, you’ll need to actually sign people’s keys. The easiest way to do this is to use caff, which is conveniently packaged in the Fedora pgp-tools package. caff lets you sign a number of keys at once, and will then email each recipient their signed key, encrypted with their key. (Actually, it sends one email per UID on the target key, so those people with 10 UIDs on their key will get 10 emails from caff, but that’s OK – it makes sure they control that email address too.) They must know their own passphrase to retrieve their signed key, which they can then import into their gpg keyring and upload to the keyserver subkeys.pgp.net.