GnuPG signing party

This document summarizes how to host a GnuPG signing party. For a more detailed description that considers how to store keys and how to handle large parties, see The Keysigning Party HOWTO.

  1. If you do not yet have a set of keys, generate them. Run gpg --gen-key. Select the default key type, indicate a key size of 4,096 bits, indicate a lifetime of five years, and provide your full name and email address.

  2. Obtain your key’s identifier (MY-ID) by running gpg --list-secret-keys. The identifier consists of 40 hex digits.

  3. Optionally edit the key to add other email addresses you own. Run gpg --edit-key MY-ID, then execute adduid followed by save.

  4. Export your key by running gpg --armor --export MY-ID. Share this form of your key with the other key-signing attendees.

  5. Display your key’s fingerprint with gpg --fingerprint MY-ID.

  6. Import other attendee keys with gpg --import F, where F is a file containing their exported key.

  7. Find each attendee’s key by running gpg --list-keys, and note its identifier (YOUR-ID).

  8. For each key identifier YOUR-ID, run gpg --fingerprint YOUR-ID. Verbally confirm the fingerprint with its owner. Once satisfied, run gpg --sign-key YOUR-ID.
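The fingerprint comparison in step 8 can be backed by a mechanical check so that a misread digit does not slip through. The script below is an added example, not part of the original procedure; its function names are hypothetical and the sample key data is constructed. It reads the primary fingerprint from gpg's colon-delimited output and signs only when that matches the fingerprint the owner confirmed.

```shell
#!/bin/sh
# Added example: compare the fingerprint an attendee confirms with the one on
# the imported key before signing. Function names are hypothetical.

# Strip whitespace and upper-case, so "0123 4567 ..." and "01234567..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key's fingerprint: field 10 of the first "fpr" record (later ones are subkeys).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if both values are the same 40-hex-digit fingerprint.
fpr_matches() {
    a=$(normalize_fpr "$1")
    b=$(normalize_fpr "$2")
    printf '%s' "$a" | grep -Eq '^[0-9A-F]{40}$' || return 1
    [ "$a" = "$b" ]
}

# Step 8 as a guarded command: sign YOUR-ID ($1) only when the confirmed
# fingerprint ($2) matches the imported key.
confirm_then_sign() {
    key_fpr=$(gpg --with-colons --fingerprint "$1" | fpr_from_colons)
    if fpr_matches "$key_fpr" "$2"; then
        gpg --sign-key "$key_fpr"
    else
        echo "fingerprint mismatch for $1: not signing" >&2
        return 1
    fi
}

# Constructed sample of colon-format output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF01234567:1700000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Constructed Attendee <attendee@example.org>:
sub:-:4096:1:FEDCBA9876543210:1700000000::::::e:
fpr:::::::::76543210FEDCBA9876543210FEDCBA9876543210:'
```

Source the file and call confirm_then_sign YOUR-ID "FINGERPRINT" with the fingerprint taken from the owner's own printout, not from the file they sent.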
