This year we are resurrecting the PyConUK OpenPGP Key-signing party! This involves meeting people to verify their online cryptographic identities in person. Read more on the Wikipedia page about key-signing parties.
It's a great way to meet new people and get started with personal cryptography. PGP is how investigative journalists can securely communicate with inside sources and whistle-blowers, however, this is not just for those who need it for their safety—it's also a useful thing to have for authenticating commits in open source projects.
The party (episode 2) will be on Sunday the 29th October at 12:30 in Room D. To get involved you must submit your key beforehand.
To do so, just create a YAML file in the keys directory. The filename should match your GitHub username.
# /keys/[username].yaml
name: <your name as on your ID and PGP identity>
fingerprint: <your PGP fingerprint>Tips:
- Your name must match the name in your ID (where possible).
- Your name must match the name in your PGP Identity (if you don't know what this means don't worry, we can help you on the day).
- Use your key fingerprint, not the key ID. The fingerprint is 40 characters long, but might have spaces or start with
0x.
For those in-the-know, we will be implementing the Zimmermann–Sassaman key-signing protocol.
If you do not already have a PGP key, and would like to get started with personal cryptography, please come along with your devices and we will help you get setup. Alongside this, there will also be time for verifying other types of digital identities e.g. those used by WhatsApp/Signal/Telegram etc.
In order to verify everyone efficiently, we ask for participants to try to generate their keys before the big day (see details below) and submit these either as pull request to https://github.com/PyconUK/2017-key-signing-party or email them to [email protected]. If you have any issues doing this, we can help you on the day.
-
Government issued ID—Please note, for those with existing keys, that your ID should, if possible, exactly match the identity used on the PGP key you wish to have verified e.g. if your key says Lizzy but your ID says Elizabeth, you will need to add a new identity to your key. If you do not know how to do this we can help you. If this is not possible (your chosen name and legal name differ, or you do not posses such ID), don't worry you can still participate, but signing parties may choose to assign a lower validity rating to your key.
-
If you do not have a PGP key, please come with a device with an OpenPGP implementation installed (please see Install below) and we will talk you through how to get started. This does not need to be a laptop - there are available implementations for iOS and Android devices also.
Install an OpenPGP implementation:
- Mac: https://gpgtools.org/
brew cask install gpgtools - Windows: https://www.gpg4win.org/
choco install gpg4win - Linux (desktop): Should be already installed. You might need to upgrade
to a package called
gnupg2 - Android: https://www.openkeychain.org/
- iOS: https://privacyapp.io/