With Randa approaching, I’ll be meeting some KDE people, some for the first time. So it’s time for another GPG keysigning! The usual approach to a GPG keysigning is to have Harald organise it, that ensures a maximum amount of abiding-by-rules. But .. he’s not going to be there, this year. So this post is a random bit of throw-information-out-there about how typical KDE event keysignings work, and an annoucement of my own protocol in handling keysinging.
My PGP key can be found here in pubkey.asc, and has key fingerprint = 00AC D15E 25A7 9FEE 028B 0EE5 7FEA 3DA6 169C 77D6.
Anyway, a typical KDE keysigning goes like this:
- An Austrian^Wattendee is selected to coordinate the process in advance. You need to trust the coordinator and their printer.
- A wiki page is started, which lists participants by name and GPG key fingerprint.
- On the day of the event, the coordinator prints out one copy of the wiki page with the key table for each attendee. This is the point at which you need to trust the coordinator, to print out N identical copies.
- At the event, each attendee in turn is asked to state that the key fingerprint on the sheet is, indeed, their key fingerprint.
- All those who say “aye”, are participants. A shared secret for the session is established by writing a word on the whiteboard; this can optionally be used as part of the verification process later.
- Each pair of participants cross-checks government-issued photo-ID plus whatever else they want to do. Sometimes we try to establish two concentric circles, for efficiency in cross-checking, but in my experience that leads to random milling about.
- After all the cross-checking, we’re done the party part, and people can do the actual signing in whatever way they wish.
My personal protocol adds the following:
- During the keysigning, I have double-slips of paper with my key fingerprint printed on them, and five randomly selected words from
/usr/share/dict/words(on a FreeBSD machine, there are 235924 words in that file). Each double-slip has the words printed twice, and can be cut in half with the same words on both halves. For each participant, I have a different double-slip with uniquely selected words.
- I’ll cut the slip in half, write your name on both halves, and give you one of the copies. Now we have a shared secret — those five randomly-selected words. Both you and I need to guard those slips of paper carefully!
- Once home, I’ll send you an encrypted, signed, message asking for our shared secret.
- You respond with an encrypted, signed, message containing those five words.
- I send you an encrypted, signed, message with my signature on your key.
I used to ask a question (like “what stupid joke did I tell you on the first day of Akademy?”) which was some kind of shared secret between us, but memories are fallible and something that makes a big impression on me might be useless fluff to you. So that’s why I’m switching to using these slips of paper. I figure “choledocholithotripsy unobeying odontogeny staymaking fantigue” is as good a shared secret as any.