GPG Keysigning Protocol

With Randa approaching, I’ll be meeting some KDE people, some for the first time. So it’s time for another GPG keysigning! The usual approach to a GPG keysigning is to have Harald organise it, that ensures a maximum amount of abiding-by-rules. But .. he’s not going to be there, this year. So this post is a random bit of throw-information-out-there about how typical KDE event keysignings work, and an annoucement of my own protocol in handling keysinging.

My PGP key can be found here in pubkey.asc, and has key fingerprint = 00AC D15E 25A7 9FEE 028B 0EE5 7FEA 3DA6 169C 77D6.

Anyway, a typical KDE keysigning goes like this:

  • An Austrian^Wattendee is selected to coordinate the process in advance. You need to trust the coordinator and their printer.
  • A wiki page is started, which lists participants by name and GPG key fingerprint.
  • On the day of the event, the coordinator prints out one copy of the wiki page with the key table for each attendee. This is the point at which you need to trust the coordinator, to print out N identical copies.
  • At the event, each attendee in turn is asked to state that the key fingerprint on the sheet is, indeed, their key fingerprint.
  • All those who say “aye”, are participants. A shared secret for the session is established by writing a word on the whiteboard; this can optionally be used as part of the verification process later.
  • Each pair of participants cross-checks government-issued photo-ID plus whatever else they want to do. Sometimes we try to establish two concentric circles, for efficiency in cross-checking, but in my experience that leads to random milling about.
  • After all the cross-checking, we’re done the party part, and people can do the actual signing in whatever way they wish.

My personal protocol adds the following:

  • During the keysigning, I have double-slips of paper with my key fingerprint printed on them, and five randomly selected words from /usr/share/dict/words (on a FreeBSD machine, there are 235924 words in that file). Each double-slip has the words printed twice, and can be cut in half with the same words on both halves. For each participant, I have a different double-slip with uniquely selected words.
  • I’ll cut the slip in half, write your name on both halves, and give you one of the copies. Now we have a shared secret — those five randomly-selected words. Both you and I need to guard those slips of paper carefully!
  • Once home, I’ll send you an encrypted, signed, message asking for our shared secret.
  • You respond with an encrypted, signed, message containing those five words.
  • I send you an encrypted, signed, message with my signature on your key.

I used to ask a question (like “what stupid joke did I tell you on the first day of Akademy?”) which was some kind of shared secret between us, but memories are fallible and something that makes a big impression on me might be useless fluff to you. So that’s why I’m switching to using these slips of paper. I figure “choledocholithotripsy unobeying odontogeny staymaking fantigue” is as good a shared secret as any.

This entry was posted in KDE. Bookmark the permalink.

2 Responses to GPG Keysigning Protocol

  1. The preferred way should be to not waste anybodies time, and to not need to trust anyone. This goes like that:

    -bring your own (full!) fingerprint with you to the event
    -every attendee reads the full fingerprint from it’s own storage, and everyone else compares it to the one printed on her sheet of paper
    -everyone signs (physically) each sheet of paper they got (in case there are multiple page printouts)
    -the checking takes place by having two long rows of participants facing each other. Everyone checks the id of it’s direct counterpart and then notes that checking on the personal printout. Then both rows move a half step to the right, with the ends of the rows switching to the other row. Continue until everyone has verified everyone else.
    -don’t bother doing any shared secrets, just sign every userid of the foreign key with your private key, encrypt the signed key with the key you have just signed, and mail it to the email address of the matching user id. To not get mad use either CAFF or KGpg (“Sign and mail user id” from the context menu)

  2. hefee says:

    A way of debian is to sign the list of all attendees with their fingerprints and than publish the SHA256 sum for this file, so every attendee can check, that they have the correct file and that their fingerprint in this file is correct. Than you don’t need to rely on a perfect printer doing n-identical copies:)

    +1 for just using caff without any shared secret. Also caff makes sure, that the recipient can deside, if she wants to publish or not the fingerprint.