Conference and Tutorials
Thursday 5th to Sunday 8th August
Leeds, West Yorkshire
We will be running a GPG keysigning during the event and hope that most conference delegates will take part in this. This is an excellent chance to meet up with a well-connected group of geographically distributed developers and expand the Web Of Trust. There will be an introductory workshop for people wanting to learn more about GPG.
In order to participate, you will need an OpenPGP-compatible key. We recommend the use of GnuPG. If you do not already have a key, generate one and send it to a keyserver (we recommend subkeys.pgp.net and recommend against www.keyserver.com).
As we anticipate in excess of a hundred people will participate in the keysigning, we shall use a variant of the Efficient Group Key Signing Method.
Register for the keysigning
Before the conference
During the conference
At the keysigning event
After the conference
You now have a piece of paper with various cryptic marks on it sitting in front of you and the daunting task of signing dozens of keys by typing your passphrase over and over again. Fortunately, there's several ways to automate the process.
To retrieve all the keys in the keyring easily, fetch the keyring and import it with gpg --import.
I suggest signing keys in batches to prevent boredom. One useful tip is that you can specify a key by full fingerprint to gpg like so: gpg --sign-key 38FAA231A84DE7C5724850CC2218C81E8E7C03FF Since the fingerprints file has all the fingerprints written down in it already, you can simply copy the fingerprints you verified and pass them to gpg.
You may wish to use a little wrapper program I wrote called gpg-multi so you only have to enter your passphrase once. You can download it from here (sig). You might not want to automate this step. Forgetting the passphrase is the most common reason for keys becoming unused. Typing it in a hundred times is a great way to learn it.
Once you've signed the keys you've verified, don't forget to send them to a keyserver. We will update the resulting web of trust on a regular basis.
If you're not on the list
You can still participate.
If you're going to miss the keysigning BOF
If you wander around looking for people to sign, you'll find a lot of people before the BOF. There's no need to attend the actual meeting if it conflicts with another BOF you want to attend or you have to leave before the BOF.
If you forgot the checksum
You can still participate. You can write down the checksum that other people tell you and, when you get home, verify that the file matches their checksum, then sign their keys. In order for others to be able to sign your key, the best thing to do is give them a copy of your fingerprint.
If you forgot your passphrase
There's basically no way to recover from this, sorry. You should probably generate a new key and start getting that key better-connected. If you had the foresight to generate a revocation certificate, you should add that to your old key and upload it so that people know to not use that key any more.
For more information on keysignings, the Web of Trust, GnuPG and Public Key Infrastructure, try the following links:
|Registration||Keysigning||Call for Papers|
|Timetable||Accommodation||Photos||Papers & Slides||Feedback|
|S P O N S O R S|
Astaro Network Firewall
|M E D I A S P O N S O R S|
Linux User & Developer
|For more information please contact UKUUG||Problems? e-mail webmaster|
|© Copyright 2004 UKUUG Ltd|