[KwartzLab] Key Signing Party
jonathan at jlamothe.net
Mon Sep 12 19:26:04 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 11-09-12 01:55 PM, Robert Gissing wrote:
> ... so...what is a key signing party? i am not so sure what this is.
One of the challenges I'm going to experience is finding a way to
explain this simply. I'm sure you're not the only person on the list
who doesn't know, and I'll probably be explaining it a lot. ;)
It boils down to this:
There's an open technology called PGP that allows you to encrypt and/or
digitally sign e-mail and other communications (I use it to sign all my
Everyone in the system generates a set of two keys, one public, the
other private. As their names would imply, you *never* give the private
key to *anyone*, but you can broadcast the public key to the whole world
if you like (in fact, the more people who know it the better).
Once this is done, you can send encrypted messages to people and verify
their signatures if you have their public key (the private key is
required to decrypt the message or to generate the signature).
The challenge is that there needs to be a way of being certain that a
given public key actually belongs to the person you think it does.
That's where the key signing party comes in:
It's a time-honoured tradition wherein people exchange public keys in
person so that you know the key you have is authentic. People then sign
the keys to verify their authenticity (think of it like being the
guarantor on a passport).
This creates something called a web of trust, and through some fancy
magic, you can even use it to verify the identities of people you
*haven't* met in person to be able to communicate with them securely as
0 1 0
0 0 1
1 1 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Discuss