Welcome to the Keysigning Party coordination webpage
1. What is a Keysigning Party?
What are keys?
Keys, in the context of our party, are cryptographic mechanisms that guarantee someone's authentication (data signed by one person was, in fact, that person's creation), as well as secure reception of properly encrypted confidential information (data sent to one person can only be read by that person). There are multiple paradigms of keyring construction, the most popular being the asymmetric one, where one person has two keys: a private one (kept secret) and a public one (published to everyone).
Key technology allows what was signed with one key (the private key) to be authenticated against the other (the public key). Therefore, to know whether some data was created by a particular person, all we need is for this person to sign the data with his/her private key, and for that signature to match his/her public key. This is easily done, provided this person gives us his/her public key. It should be noted, however, that the distribution of someone's public key is critical. Transmitting key data over unsecured channels (such as the Internet) defeats the purpose of cryptography, for an attacker could somehow alter the transmitted key, and forge data afterwards. In other words: what do we do when we need authenticated data from someone thousands of miles away? You're not trusting email, are you?
Keyservers exist for that very problem. They store all public keys sent to them. Therefore, it suffices that you know where the public key for that person is stored to authenticate anything signed by that person.
The most used keyservers are pgp.mit.edu, keyserver.pgp.com, subkeys.pgp.net, pool.sks-keyservers.net, keys.nayr.net and keyserver.cais.rnp.br.
Web of Trust
But how can I know that the public key for some person really belongs to that person? If you've obtained it directly from that person, alright... But what if you've obtained it from a keyserver? Are you going to trust the keyserver? Of course not!!! You'll rely on the "Web of Trust".
Every person's public key can be signed by anyone else's key. The idea is that, if you trust any of the people who signed a third party's key, then you can trust this third party's key. That is called the "Web of Trust", and the final goal of a keysigning party is to increase it.
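The trust rule above can be modelled as a walk over the signatures found on keys. The following Python sketch is an added example, not part of the original page: the function `valid_keys`, the names standing in for key IDs and the sample signatures are all constructed for illustration, and following a chain of several trusted signers generalizes the one-step rule stated in the text.

```python
from collections import deque

def valid_keys(my_key, signatures, trusted_people):
    """Keys I can accept as genuine, per the rule in the text.

    signatures:     (signer, signed) pairs, e.g. as fetched from a keyserver
    trusted_people: keys whose owners I trust to check identities carefully
    A key is accepted if I signed it myself, or if it carries a signature
    from an accepted key belonging to someone I trust.
    """
    signed_by = {}
    for signer, signed in signatures:
        signed_by.setdefault(signer, set()).add(signed)

    accepted = {my_key}
    queue = deque([my_key])
    while queue:
        signer = queue.popleft()
        # Signatures made by people I do not trust vouch for nothing.
        if signer != my_key and signer not in trusted_people:
            continue
        for signed in signed_by.get(signer, ()):
            if signed not in accepted:
                accepted.add(signed)
                queue.append(signed)
    return accepted

# Constructed sample data: names stand in for key IDs.
BEFORE_PARTY = [
    ("me", "alice"),                # I checked Alice's key in person
    ("mallory", "carol-forged"),    # forged "Carol" key sitting on a keyserver
    ("mallory-2", "carol-forged"),  # more signatures do not make it genuine
]
PARTY_SIGNATURES = [
    ("alice", "bob"),
    ("bob", "carol"),
]
AFTER_PARTY = BEFORE_PARTY + PARTY_SIGNATURES

if __name__ == "__main__":
    print(sorted(valid_keys("me", BEFORE_PARTY, {"alice"})))
    print(sorted(valid_keys("me", AFTER_PARTY, {"alice"})))
    print(sorted(valid_keys("me", AFTER_PARTY, {"alice", "bob"})))
```

The forged key is never accepted, however many signatures it carries, because none of them traces back to a key you have verified yourself; the signatures collected at the party are what bring Bob's and Carol's real keys within reach.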
2. How to participate in this party?
The software that generates and keeps the key pairs and the known public keys generally follows the OpenPGP standard. Two programs are commonly used for Keysigning Parties: PGP
. Since it is free software, we strongly recommend the second one (which we also use in the examples in this text). If you still don't have cipher keys, refer to this Mini-Howto on the issue.
All Keysigning Parties follow a standard protocol, or method. The protocols are designed to maximize the efficiency of the party according to the number of participants.
Find the protocol of your party below, check how it works and what you'll need to participate:
3. Available Parties
Check the available parties and their instructions.
Check some frequently asked questions
- 25 Apr 2009