Keysigning parties

Keysigning parties are events where people digitally sign each other's digital identities, helping to create trust that the digital identity really belongs to the real person who claims to own it.

The "conventional" approach to connecting digital identities with real entities, using the X.509 infrastructure, revolves around central trusted bodies; large companies like Verisign, telcos, governments, and all the sorts of people you wouldn't really want to trust with exclusive control over that sort of thing. In the X.509 model, only the central bodies are allowed to digitally sign people's digital identities.

An alternative approach is that provided by the PGP encryption system (now know variously as PGP (the original software), OpenPGP (the IETF open standard), or GPG / GNU Privacy Guard (the widely-available open source software)). Under the PGP model, anybody can create as many digital identities as they like, under whatever names they like. Therefore, on its own, such an identity offers no real information about whose it is; anybody could create an identity called "Queen Elizabeth".

However, the PGP model lets people digitally sign each other's digital identities. Therefore, if Alice has a digital identity, then her friend Bob can use his own digital identity to digitally sign Alice's digital identity, so that anybody who trusts Bob's digital identity can then know that Bob claims that Alice's digital identity is really Alice's. Thanks to the clever cryptography, people other than Bob can't forge such a signature.

Why should we care?

Having a strong cryptographic infrastructure in place for the public to use means that people can easily and reliably communicate in private. Knowing that the digital identity you're encrypting a message for really belongs to the person you want to communicate with, and not an imposter, is important for that. The X.509 model gives too much power to central bodies; the bodies that issue signed digital identities can easily create their own identities and sign them in your name, publicise the new identity, and then read messages intended for you. They won't let you have multiple digital identities under pseudonyms; they want to be able to tell who wrote a message so they can come and arrest them if the message turns out to be libelous in nature... or politically undesirable.

See Crypto Wars for more information on the legal and rights issues surrounding cryptography.

How it all works

Without getting *too* technical, a digital cryptographic identity splits into two parts, a private part and a public part. The private part, as the name suggests, is kept secret by the owner, while the public part is distributed to people they would like to communicate with - often, the entire world, by publishing it online.

If you know the public part of somebody's identity, you can encrypt files and messages so that only the holder of that identity can read them. And if they digitally sign something, you can check their signature is really theirs.

And if you know the private part, you can decrypt things encrypted for that identity, and digitally sign things under that identity.

For the technical details, see wikipedia: Public key cryptography

Keysigning is quite simple: take the public part of somebody's digital identity, and then use your own digital identity to create a signed digital document stating that you trust that the holder of that identity really is who the identity claims it is (which can be their real name, or a pseudonym you believe them to rightfully hold). All of those signatures get attached to the public part of their identity, so that anybody can look at them. The ideal is that, whenever you want to send an encrypted message to somebody (or check the signature on a message they send), you can find a mutual friend you trust who has signed their identity. If not, then perhaps you can find a friend of a friend - or a friend of a friend of a friend - creating a chain of trust between you and them.

In practice, not enough people use PGP encryption to make this really work. Nonetheless, an identity with lots of signatures from different people at different dates on it is much more trustworthy than one with none. So having people sign each other's identities a lot is a good thing on two counts: it makes it more likely that we'll have a workable web of trust one day, and it does help to give your digital identity more weight. And whenever you go to the effort of signing someobody's identity and them signing yours, at least you can trust your own signature if you decide you need to communicate with them privately in future.

There are also at least two hybrid systems, which take the X.509 system and add a web of trust to it: Thawte's web of trust and

Not that you need to have all of your digital identities signed - by all means, create several, and keep some totally divorced from your real identity, and use them for planning to overthrow corrupt governments.

How to take part

A keysigning party is simple. Everybody needs to have created a digital identity (known as a keypair, since the private and public parts are technically called "keys").

Rather than actually distributing the public parts, which at several kilobytes are a rather large to write on paper, you should upload the public part to a public keyserver, and distribute your key ID, which is a small number calculated from the public part, and your key "fingerprint" which is a bit longer. Any other digital identity will have a different ID and fingerprint, so somebody with your key ID can use it to download your key from a keyserver, then check the fingerprint is the same, to know they really have your digital identity.

So all you need to take to a keysigning party are your key ID and fingerprint, ideally on bits of paper (such as business cards) that you can hand out, along with your name and email address. You can hand your card to people, then try to prove your identity, perhaps by having a mutual friend physically introduce you or by showing off your lovely new government photo-ID card. If they are satisfied, they take your little card and pocket it (or write down your key ID and fingerprint in their notebook, if you don't have one). Traditionally, keysigning parties don't have many actual computers around, since they're often in pubs or other public spaces; and because they're not needed there.

At the end of a keysigning party, you'll have a load of key IDs and fingerprints written down. If you want, you can assign each of them a level of trust, based on how satisfied you were: the PGP model lets you state your level of trust when writing a signature, from 0 (meaning you've not really made any effort to check their identity), 1 (meaning that you assert that you know this person by this name, but have no real idea if it's their legal name - perfect for pseudonyms), 2 (meaning that you're pretty sure it's their real name) or 3 (meaning that you are sure of their identity beyond any reasonable doubt). When you get home, you sit down at your computer and enter all the IDs, check the fingerprints match, and then sign the keys and upload the signatures to the keyservers for the world to see. Be careful, though: if you've seen photo ID, you've probably authenticated the person's real name and are just trusting that their email address is correct and that they control the key, so unless you know them well, you probably want to stick to trust level 2 at most. Or you can use a tool like caff to ensure that the email addresses you're signing are valid - caff signs a key, then sends an email to each address tied to the key, containing only the signature asserting that you believe that email address is held by the owner of the key. So if somebody creates a key that, for example, claims to be and also claims to be, and somebody signs it, they'll only receive the signature asserting as the other will go to an address they can't read email from.

For larger keysigning parties, all partygoers can add their details to a Wiki page before going, meaning that there's a place the fingerprints can be copied and pasted from (checking them against the trusted paper copies taken at the party!) to save typing.

For more details, see the keysigning party HOWTO, which goes into a lot more detail than this brief document.

Just be careful not to do anything you might regret.

Upcoming parties

In general, local Linux User Groups are likely places to meet other public key cryptography users to get your OpenPGP/Thawte/CACert identities signed. Find your local LUG, join the mailing list, and ask if people are interested in signing at the next meeting.

London / South East

Watch this space. We're discussing organising a regular thing.

Bristol / South West

Key signing is planned for the Bristol and Bath Linux User Group meeting coming up on the 26th of July.

Past parties