Help a PGP/GPG noob hold a key signing party.
May 26, 2008 1:17 PM   Subscribe

Help a PGP/GPG noob hold a key signing party.

I just finished reading Cory Doctorow's Little Brother. In the story, the main character holds a key signing party for his friends. I was interested in doing this, partly because I'm a nerd, partly because it'd be fun, partly because I'm paranoid and have things to say to the world.

Well, I've done a little research, and my friends are interested. However, in guides to holding key-signing parties, they suggest that each invitee create the keys beforehand- something that didn't happen in the book. Also, the tool I would be using, the Mac Client, automatically stores your data to the computer after it is created.

Basically, how can I have people generate the keys at my house? I don't want to store the keys (except maybe my own) on my computer. And what's the best way to have them copy down everyone's keys, if they are generated there? And how do they "sign" them?

Thanks for your help!
posted by zenja72 to Technology (12 answers total) 5 users marked this as a favorite
Could you have the client store to a flash drive?

...or maybe use a different client?
posted by toomuchpete at 2:00 PM on May 26, 2008

Isn't generating all the keys on your computer a security problem for everyone else?
posted by grobstein at 2:07 PM on May 26, 2008

Response by poster: Yes, it is, but I doubt most of them would do it on their own computers.
posted by zenja72 at 2:15 PM on May 26, 2008

Response by poster: Yeah, in the book, they had to create them at the party. They all trusted each other, as do my friends me.
posted by zenja72 at 2:16 PM on May 26, 2008

Best answer: Cory's solution (from a quick reading) is that a clean home-built laptop was rebooted (from a clean distro) for each user, and a hacked key-generator that didn't save the keys to disk was used - so each party guest generated their keys, took a cell-phone picture of their private key as shown on the laptop's screen, and then had the other guests each take a picture of them holding the laptop as it showed their public key. Then the laptop memory is wiped with a reboot, and the next guest repeated the process. After the party, each guest was supposed to go home and type in their private key and then all their friends' public keys - and of course delete the cell-phone pictures.

This solution was thought through very carefully, and reviewed by all Cory's crypto-nerd friends, and no element of it is optional. It isn't even really a key-signing party - it's just a key-exchange party. (At a key-signing party, you'd all sign the keys you got at other parties with your private keys and pass them around along with your public keys.)

Now, I had to recreate my 2048-bit private RSA key from my paper backup a month or so ago, and it sucked. Even if you hack ssh-keygen to write to screen (it has no option to write to stdout) I'm not sure you're really going to be able to get people to follow through on the rest of the manual protocol.

Just have a public-key exchange party; send simple ssh-keygen instructions and cheap flash drives in the invitations, take everyone's key from their flash drive at the door, and let everyone load up their drive with all the other guest's keys on the way out.
posted by nicwolff at 2:27 PM on May 26, 2008

Response by poster: @nicwolff: Thanks for a great response. Can you elaborate on how you would use the flash drives? Would they create the keys (PGP/GPG, not ssh) in advance, copy them to the flash drive, and I would create a master list to copy back to each person?

Most of these people have laptops, so do you think it'd be a decent idea to have them bring their laptops to the meeting and create them there (with tech support)? I realize this is imperfect, but again, we all trust each other.
posted by zenja72 at 2:41 PM on May 26, 2008

Best answer: In practice, I've found that the biggest operational PGP problem is not key compromise but key loss. There's a high "infant mortality" rate for keys as people forget their passphrases or misplace their thumb-drive keyrings. I've taken to not signing any key that hasn't been in use for at least a few months. I'd recommend that you host a pair of parties: one, a "getting started with pgp" party in which people generate keys and exchange them but do not sign them (or just use the "local signature" feature of gnupg); then you guys can exchange a lot of encrypted mail and get used to using pgp; then have another party a few months later for fingerprint exchange and key signing. Some people will still be using the keys generated at the first party; some people will have had to generate new keys in the interim. If someone screws up while learning stuff, you don't end up with unusable or compromised keys floating around in the web of trust forever, tempting you to accidentally send mail no one (or everyone) can decrypt.

Ideally, people should generate their own keys, or at least generate them on their own hardware to minimize the likelihood of everybody's keys being compromised if the evil cryptoninjas steal the generating laptop and do hardcore data recovery on it. People can also generate their keys at home and just exchange fingerprints at the party.

GnuPG Keysigning Party HOWTO

Biglumber — key signing coordination

PGP for absolute beginners; the FAQ; some discussion of the web of trust concept.
posted by hattifattener at 3:05 PM on May 26, 2008

Also, check your local linux user group, many of them throw in key signing as a part of their meetings.
posted by Brian Puccio at 3:30 PM on May 26, 2008

(Also fun: PGP trust-path finders: WOTSAP,, and the now-defunct original at AT&T Research. It's like six degrees of cryptographic bacon.)
posted by hattifattener at 4:09 PM on May 26, 2008

Best answer: Basically, how can I have people generate the keys at my house?

What a terrible idea. Anyone who is willing to make a key in an untrusted environment is not worthy of trusting to keep their key safe in other ways. In fact, this is a good way of finding people you should never trust with cryptography. Black-list everyone who does that.

I'm a huge fan of Doctorow, but the scheme in the book is bogus. No one at the party knew they were getting keys that were random. Imagine Eve setting that instance of GPG to emit a series of known keys. She wouldn't even need their passphrase to decrypt anything and forge anything.

Please, don't do that. Depending on bad security to do high-value things is worse than knowing you're not secure and not doing them.
posted by cmiller at 4:29 PM on May 26, 2008 [2 favorites]

Response by poster: I recognize where you are coming from *completely*, but if you look above, you'll see that the best answers are those that suggest having people do it at their homes. This will be tough, but worth it.

Also, your tone was a little harsh, but I do recognize where you are coming from.
posted by zenja72 at 4:58 PM on May 26, 2008

Best answer: Yeah as others have said, it's totally flawed to have your guests generate their keys on your machine. That's really, really bad practice, and if you're going to do a key-signing party (or key-exchange party) you might as well do it right and not start people off on the wrong foot.

It would be acceptable, IMO, for people to bring their own hardware (laptops) to the party. In fact I think that would really be the best way of doing a key-exchange.

Slight aside: I suppose in theory, creating your key on your own laptop in someone else's house might be a security risk (they could have TEMPEST gear installed in their table!) they're sufficiently remote that they would at least pass my personal 'giggle test' if I was doing it at a friend's place.

So what I'd do is have everyone interested come over, bringing their own, trusted laptops with them, and then you could do key-signing for the people that already have keys, and talk the total newbies through the process of installing and setting up GPG, generating their keypair, and generally getting things ready. There's a lot of merit to the suggestion of waiting to sign new folks' keys for a few weeks, but that's really a decision that's up to you and the other signers. (Basically you just have to judge people's interest level -- are they serious about it or is it just a passing fad for them?)

So basically, you just provide the venue, copies of GPG, and expertise/help. Let everyone swap public keys, and let people who want to sign them do that too. If you had Flash drives, that would make the key-swapping easier (everyone could just write or attach their name to a Flash drive, and pass it around the room ... everyone else puts their public key on it and gives it back, they load the keys onto their ring and are ready for signing/verification). Email or IM would be possibilities too, as would a file server, but Flash drives are easy and might help with organization. Also: cool, cheap party favor.

Doctorow's procedure with the cellphones seems like it would probably work, but it would be cumbersome and it still requires you to trust the laptop that you're generating on. Rebooting it from ROM every time provides some security, but not a lot; better just to bring your own laptop. Plus ... if the people you know who are interested in GPG are anything like the people I know (myself included) who are interested in it, they're probably going to show up with laptops unless you tell them not to, so you might as well make use.

Good luck and sounds like fun!
posted by Kadin2048 at 11:04 PM on May 26, 2008

« Older How can I start traveling?   |   Non-religious memorial service readings Newer »
This thread is closed to new comments.