Guide for Participants in the Upcoming PenLUG Keysigning:
1. Please print out this page.
Once you have printed this page, please verify your own key fingerprint against the one shown here.
The following command displays it:
gpg --fingerprint "your@email.address"
Remember to bring your printout and your photo ID to the keysigning.
If you can't print this page, at least bring a handwritten copy of your own key fingerprint, as well as your photo ID to the keysigning.
2. During the Keysigning
During the keysigning, each participant will show you his photo ID.
Put a checkmark in the right column, if he seems to be who he says he is.
3. Reading the Key Fingerprints
As each participant reads his key fingerprint out loud, verify that it matches this printout.
Put a checkmark in the left column, if it does.
4. Keep Printout
Don't lose your printout. 
5. After the Keysigning
After the keysigning, download the keysigning keyring (pubring.gpg) (location will be provided here once all of the keys used at the meeting have been gathered).
Import it to your own keyring by doing
gpg --import ./pubring.gpg
While checking keyIDs and signatures against your printout, "sign" each participant's key whom you've properly verified (dual checkmarks), as follows:
gpg --sign-key [keyID]
...for each keyID.
6. Share Your Signatures
The success of the whole process hinges on successfully being able to somehow gather all of the key signatures together, and share them in such a way that all participants of the keysigning
can later access them and use them. So it's essential to do your best to share your signatures with all of the other participants in the keysigning.
There are two common ways to get this done: by email to the keysigning coordinator, or by uploading the signatures to a keyserver on the Internet yourself.
Do it by email
To send your signatures by email, send only the file keysigning.gpg produced by the following command to the keysigning coordinator:
gpg --armor --export [list of key IDs, w/spaces between] > keysigning.gpg
Do it using the Internet
To send the your signatures to a public keyserver on the internet such as pgp.dtype.org,
(for other keyservers, see the keyserver list), use:
gpg --keyserver pgp.dtype.org --send-key [key ID]
Key Fingerprints of Participants
| Key ID | Owner | Fingerprint | Size | Algorithm | Key Info Matches? | Owner ID Matches? |
| 31A6FBD7 | William R. Ward | AD1E 66EC 69EF F6C8 F6B0 B087 C4D4 4DD5 31A6 FBD7 | 1024 | DSA | | |
| 144F16A9 | Peter Knaggs | 7FFA B929 C2F9 628C 76C8 1877 12BF F010 144F 16A9 | 4096 | RSA | | |
This guide is based on these instructions, which were used at the last PenLUG keysigning, kindly organised by Rick Moen.
|