Help a PGP/GPG noob hold a key signing party.
May 26, 2008 1:17 PM   Subscribe

Cory's solution (from a quick reading) is that a clean home-built laptop was rebooted (from a clean distro) for each user, and a hacked key-generator that didn't save the keys to disk was used - so each party guest generated their keys, took a cell-phone picture of their private key as shown on the laptop's screen, and then had the other guests each take a picture of them holding the laptop as it showed their public key. Then the laptop memory is wiped with a reboot, and the next guest repeated the process. After the party, each guest was supposed to go home and type in their private key and then all their friends' public keys - and of course delete the cell-phone pictures.

This solution was thought through very carefully, and reviewed by all Cory's crypto-nerd friends, and no element of it is optional. It isn't even really a key-signing party - it's just a key-exchange party. (At a key-signing party, you'd all sign the keys you got at other parties with your private keys and pass them around along with your public keys.)

Now, I had to recreate my 2048-bit private RSA key from my paper backup a month or so ago, and it sucked. Even if you hack ssh-keygen to write to screen (it has no option to write to stdout) I'm not sure you're really going to be able to get people to follow through on the rest of the manual protocol.

Just have a public-key exchange party; send simple ssh-keygen instructions and cheap flash drives in the invitations, take everyone's key from their flash drive at the door, and let everyone load up their drive with all the other guest's keys on the way out.
posted by nicwolff at 2:27 PM on May 26

In practice, I've found that the biggest operational PGP problem is not key compromise but key loss. There's a high "infant mortality" rate for keys as people forget their passphrases or misplace their thumb-drive keyrings. I've taken to not signing any key that hasn't been in use for at least a few months. I'd recommend that you host a pair of parties: one, a "getting started with pgp" party in which people generate keys and exchange them but do not sign them (or just use the "local signature" feature of gnupg); then you guys can exchange a lot of encrypted mail and get used to using pgp; then have another party a few months later for fingerprint exchange and key signing. Some people will still be using the keys generated at the first party; some people will have had to generate new keys in the interim. If someone screws up while learning stuff, you don't end up with unusable or compromised keys floating around in the web of trust forever, tempting you to accidentally send mail no one (or everyone) can decrypt.

Ideally, people should generate their own keys, or at least generate them on their own hardware to minimize the likelihood of everybody's keys being compromised if the evil cryptoninjas steal the generating laptop and do hardcore data recovery on it. People can also generate their keys at home and just exchange fingerprints at the party.

GnuPG Keysigning Party HOWTO

Biglumber — key signing coordination

PGP for absolute beginners; the comp.security.pgp FAQ; some discussion of the web of trust concept.
posted by hattifattener at 3:05 PM on May 26

Basically, how can I have people generate the keys at my house?

What a terrible idea. Anyone who is willing to make a key in an untrusted environment is not worthy of trusting to keep their key safe in other ways. In fact, this is a good way of finding people you should never trust with cryptography. Black-list everyone who does that.

I'm a huge fan of Doctorow, but the scheme in the book is bogus. No one at the party knew they were getting keys that were random. Imagine Eve setting that instance of GPG to emit a series of known keys. She wouldn't even need their passphrase to decrypt anything and forge anything.

Please, don't do that. Depending on bad security to do high-value things is worse than knowing you're not secure and not doing them.
posted by cmiller at 4:29 PM on May 26 [2 favorites]

Yeah as others have said, it's totally flawed to have your guests generate their keys on your machine. That's really, really bad practice, and if you're going to do a key-signing party (or key-exchange party) you might as well do it right and not start people off on the wrong foot.

It would be acceptable, IMO, for people to bring their own hardware (laptops) to the party. In fact I think that would really be the best way of doing a key-exchange.

Slight aside: I suppose in theory, creating your key on your own laptop in someone else's house might be a security risk (they could have TEMPEST gear installed in their table!) they're sufficiently remote that they would at least pass my personal 'giggle test' if I was doing it at a friend's place.

So what I'd do is have everyone interested come over, bringing their own, trusted laptops with them, and then you could do key-signing for the people that already have keys, and talk the total newbies through the process of installing and setting up GPG, generating their keypair, and generally getting things ready. There's a lot of merit to the suggestion of waiting to sign new folks' keys for a few weeks, but that's really a decision that's up to you and the other signers. (Basically you just have to judge people's interest level -- are they serious about it or is it just a passing fad for them?)

So basically, you just provide the venue, copies of GPG, and expertise/help. Let everyone swap public keys, and let people who want to sign them do that too. If you had Flash drives, that would make the key-swapping easier (everyone could just write or attach their name to a Flash drive, and pass it around the room ... everyone else puts their public key on it and gives it back, they load the keys onto their ring and are ready for signing/verification). Email or IM would be possibilities too, as would a file server, but Flash drives are easy and might help with organization. Also: cool, cheap party favor.

Doctorow's procedure with the cellphones seems like it would probably work, but it would be cumbersome and it still requires you to trust the laptop that you're generating on. Rebooting it from ROM every time provides some security, but not a lot; better just to bring your own laptop. Plus ... if the people you know who are interested in GPG are anything like the people I know (myself included) who are interested in it, they're probably going to show up with laptops unless you tell them not to, so you might as well make use.

Good luck and sounds like fun!
posted by Kadin2048 at 11:04 PM on May 26