Congress + GPG/PGP Keysigning

EWPettersson · July 18, 2014, 7:38am

Is anyone else interested in GPG/PGP keysigning while at Congress? I’ll have my fingerprint with me, and will happily sign keys if you have fingerprint+ID.

Why?

Establishing a web of trust. A public key is really just some data, and you can claim that a given key belongs to anyone. If, for example, I sign your key, then anyone who trusts me would be able to see “Ah, yes, William says this is the right key so I’ll believe William and use this key”.

What if I don’t trust you?

Luckily, this is not really relevant. Me signing your key is me saying “Yes, this is Bob’s key”. It does not in any way give me access to your key. Indeed, all you need to do is show me your public key and some ID so that I know it is you. Likewise, I can show you my public key and you “sign” it to say that you agree that my key belongs to me.

How?

I use GPG+mutt, so I won’t be able to give step-by-step advice on how to use gpg/pgp with other email clients. However, there are many tutorials on the internet so searching should help. In addition, if you have particular questions I’ll do my best to answer them.

No, really, how do I sign keys?

There are three steps. Bring your fingerprint, exchange fingerprints, and actual signing.

Fingerprint

First, you need to show people the fingerprint of your key. I’ll use the command line gpg program and my key as an example. My key id is 0x658AA6C401163E65 so I run

$ gpg --fingerprint --keyid-format 0xlong 0x658AA6C401163E65
pub   4096R/0x658AA6C401163E65 2012-09-12 [expires: 2016-09-11]
  Key fingerprint = 3899 138A 83DF 32B7 F519  DC70 658A A6C4 0116 3E65
uid                            William Pettersson <william@ewpettersson.se>
uid                            William Pettersson <enigma@strudel-hound.com>
uid                            William Pettersson <william.pettersson@gmail.com>
sub   4096R/0xCCAEA94065885B3A 2012-09-12 [expires: 2016-09-11]

From this you see the fingerprint. Print (or write out) many copies of these to bring. Make sure each copy at least lists your name and the key ID (the 0x658AA6C401163E65 in my case). I tend to just print out the whole output.

Exchanging fingerprints
On the day, you’ll need to give people your fingerprint. However, people shouldn’t just accept fingerprints blindly. They should either know you, or check your ID to make sure you aren’t an imposter. You should also accept fingerprints from others. Don’t be afraid to ask for ID if you don’t recognise someone.

Signing keys
Lastly, you’ll need to sign the keys. This is often done later, as not everyone carries their secret key around. You will also need a keyserver setup. I use pgp.mit.edu but any should work.

First, download the key(s)

gpg --recv-keys 0x658AA6C401163E65

Then, sign the key

gpg --sign-key 0x658AA6C401163E65

Lastly, upload the signed key to a keyserver. Note that you can do this with multiple people in parallel, signatures shouldn’t get clobbered.

gpg --send-key 0x658AA6C401163E65

Obviously if you’re using a different program the details will be different, but the main steps are still the same. Bring your fingerprint, verify identities and exchange fingerprints, then sign+upload the signed keys.

(Should I put this on a wiki?)

Edit 1: Converted to use long (64bit) key IDs as per BenM’s comment.

BenM · July 20, 2014, 2:30am

Even though I’m not at the Congress this year, this is always a good idea. I’d recommend updating instructions to use long form key IDs, since the short form can be deliberately generated (for example I have a correspondent whose short key ID really is 0x00000000).

EWPettersson · July 20, 2014, 2:12pm

Didn’t realise there was such an issue, will update. Curious though, how does this work in most systems? Can I have two distinct keys with the same short-form ID in one key-ring? Will the software choose one at random? Deterministically? Depends on implementation?

Additionally, I feel like anyone who deliberately attempts to generate a specific short ID is being annoying in the least, especially if other keys with said given ID already exist.

Ben · July 20, 2014, 2:40pm

It’s done by generating a great many keys until one is generated with the short key ID you want (there are scripts to do this) and discarding the rest. GPG won’t care because it actually uses the full key ID (i.e. the fingerprint) to select the keys and will select the one which numerically appears first when matching short or long key IDs or user IDs. That is, when the fingerprint hex is converted to a ridiculously long integer.

Anyway, here are some of the vanity keys in my keyring and on the keyservers:

bash-3.2$ gpg -k 0x00000000
pub 4096R/0xB4156B9700000000 2012-05-03 [expires: 2014-12-31]
[USER IDs removed because there’s a huge number of them.]
sub 4096R/0x9A057096B1B8C505 2012-05-03 [expires: 2014-12-31]
sub 4096R/0x340122149590191F 2012-05-03 [expires: 2014-12-31]
sub 4096g/0xEF677A9B07F97BE5 2012-05-03 [expires: 2014-12-31]
sub 4096D/0x94B3903FBA0A0F13 2012-05-03 [expires: 2014-12-31]

bash-3.2$ gpg -k 0x12345678
pub 1024D/0x8FA48E2C12345678 1991-01-03
uid Beretta beretta@ipfw.org

pub 1024D/0x75EF2DD712345678 1996-06-16
uid Artemis artemis@olympos.god

pub 1024D/0x007D471112345678 2000-01-23
uid Beretta

bash-3.2$ gpg -k 0xFEEDABEE
pub 1024D/0xC4599386FEEDABEE 2010-05-10
uid halfdog me@halfdog.net
sub 4096g/0x8BF19B33FEEDABEE 2010-05-12

bash-3.2$

Note that the first Beretta one (0x8FA48E2C12345678) was also generated with a fake date since that date is before PGP was released (Phil Zimmermann released it in June of '91, not January) and DSA-1 keys were not used in the initial release.