GnuPG signing party
This document summarizes how to host a GnuPG signing party. For a more detailed description that considers how to store keys and how to handle large parties, see The Keysigning Party HOWTO.
If you do not yet have a set of keys, generate them. Run gpg --full-generate-key. Select the default key type, select the default curve or number of bits, indicate a lifetime of five years, and provide your full name and email address.
Obtain your key’s identifier (MY-ID) by running gpg --list-secret-keys. The identifier consists of 40 hex digits.
Optionally edit the key to add additional email addresses you own. Run gpg --edit-key MY-ID, and execute
Export your key by running gpg --armor --export MY-ID. Share this form of your key with the other key-signing attendees.
Prepare to confirm that the other attendees safely received your key: display your key’s fingerprint with gpg --fingerprint MY-ID.
Import other attendee keys with gpg --import F, where F is a file containing their exported key.
Find each attendee’s key by running gpg --list-keys, and note its identifier (YOUR-ID).
For each key identifier YOUR-ID, run gpg --fingerprint YOUR-ID. Verbally confirm the fingerprint with its owner. Once satisfied, run gpg --sign-key YOUR-ID. This indicates that you have met the owner of the key, and that you confirmed the key is valid.
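
The fingerprint check in the last step, as an added example that is not part of the original document: gpg prints fingerprints in space-separated groups, so the script normalizes the value the owner reads out, compares it with the primary-key fingerprint from gpg's --with-colons listing, and signs only on an exact match. The function names and SAMPLE_LISTING (a constructed listing, not a real key) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sign a key only if the spoken fingerprint matches it.

# Constructed `gpg --with-colons --fingerprint` listing (not a real key).
SAMPLE_LISTING='pub:-:255:22:0123456789ABCDEF:1700000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1700000000::::Alice Example (constructed):
sub:-:255:18:7777FEDCBA987654:1700000000::::::e:
fpr:::::::::1111222233334444555566667777FEDCBA987654:'

# Strip separators, upper-case, and require exactly 40 hex digits.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF')
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Read a colon listing on stdin; print the fingerprint that follows the
# "pub" record. Subkey fingerprints (after "sub") are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# fpr_matches EXPECTED, with the colon listing on stdin.
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is malformed.
fpr_matches() {
    expected=$(normalize_fpr "$1") || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# sign_if_confirmed YOUR-ID "FINGERPRINT AS READ OUT BY THE OWNER"
sign_if_confirmed() {
    if gpg --with-colons --fingerprint "$1" | fpr_matches "$2"; then
        gpg --sign-key "$1"
    else
        echo "fingerprint mismatch for $1: not signing" >&2
        return 1
    fi
}

if [ "$#" -eq 2 ]; then sign_if_confirmed "$1" "$2"; fi
```

Run it with YOUR-ID and the quoted fingerprint as the two arguments; with no arguments it only defines the functions.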