OpenPGP: Web of Trust and Key Signing Parties (Part 2)

Gepostet am: 16. Januar 2019

The second part of the OpenPGP blog series explains the Web of Trust and how to participate in a key signing party to extend it.

Public key servers

Public key servers are used to collect and distribute public keys easily. Basically anyone can upload any key and keys once uploaded cannot be deleted.

Web of Trust

An important concept in OpenPGP is the Web of Trust. It consists of trust relationships between a group of keys. A key signature is used to establish the authenticity of the link between a public key and its owner. In other words: the signature ensures that the name in the user IDs of the key matches the name on the identification of the person presented during the key signing process. You can think of the web of trust as the sum of all links between the group of keys.

Interacting with public key servers

Upload your own key

You have to re-upload your key when it has changed (e.g. in case of added/revoked user IDs, extended expiration dates, added/revoked subkeys or if you have imported someone else’s signature).

Do not upload test or demo keys and never upload someone else’s key without permission.

Search for Keys on Public Key Servers

You can search for long key IDs, user IDs or email addresses on public key servers:

Receive a Key

Refresh all keys in your local keyring

It is important to update the public keys in your keyring regularly, so you receive extended expiration dates and revocations timely:

Note: gpg –refresh-keys discloses the whole set of keys in your keyring to the key server operators. An alternative is to use parcimonie (a daemon that fetches one key at a time using the Tor network).

Key Signing Parties

A key signing party is a come-together of at least two persons to sign each others‘ keys. Key signing parties serve to extend the web of trust.

There are several methods to structure a key signing party. The method described here is based on the Efficient Group Key Signing Method by Len Sassaman and Phil Zimmerman.

In general the key signing party organizer will announce an email address along with a due date, where and until when you have to send in your public key(s). Additionally the organizer will announce a publish date and a download location for the list of participants along with the hash value and the key file containing the public keys of all participants. Alternatively the organizer sends the files by mail to the participants.


To participate, you need to send your key to the organizer. You can either create a new key pair or use an existing one. The process to create a new key is documented in the first part of the OpenPGP blog series.

The preparation steps are as follows:

  • use gpg 2.1.18 or later
  • revoke all non-reachable or no longer valid user IDs
  • use a strong primary key (at least 2048 bits RSA key, with SHA512 hashing algorithm) with an expiration date
  • use your first and last name in user IDs (so it can be matched against your identification)
  • check your key and fix any problem with your key. You can use hokey from hopenpgp tools to check your key:

    If some values are marked in red colour you can find instructions on how to fix the issues in the OpenPGP Best Practices.
  • update GnuPG to use SHA2 in preference to SHA1.Add the following lines at the end of the gpg.conf file:
  • upload your key to public key server (recommended, but not required)
  • send the ascii armored, cleaned and minimized public key(s) to the organizer
    You can export the key with the following command:

Before the Party

Get the List of Key Signing Party Participants

First you need to get the list of key signing party participants (e.g. ksp-example-event.txt). An example is shown below:

Check your Key, the UIDs and the Fingerprint Listed in the File

Check if your keys are present and the UIDs and the fingerprint are listed correctly. If they are not, inform the signing organizer immediately. It is very important that you verify the fingerprints of your keys on the hardcopy at home.

Compute and Verify the Checksum of the File

Compute the SHA256 hash of ksp-example-event.txt:

It is very important to compute the hash value before printing at home.

Print ksp-example-event.txt to Paper

Please ensure to use a mono space font for the printout. One way to do this is to use vim (see :help :hardcopy). Or you can use enscript and ps2pdf (ghostscript package) to generate a PDF file:

Fill in the Computed Hash on the Printout

Now fill in the hash value of the file to the fields on the printout:

Bring Printout, Pen and Government Issued ID to the Event

All you have to bring to the event is the printout, a pen and one form of government issued ID (e.g. Passport or ID card). Ensure that the government issued ID is still valid and you can be recognized on the photo.

Be on Time!

It is important that you are on time for the event as the verification is done simultaneously.

During the party

For each participant you have to follow these steps:

  1. Compare the hash you computed with the other participant.
  2. Ask if the other participant’s gpg fingerprint on the hardcopy is correct.
  3. Verify each other’s identity by matching user IDs against the government issued ID
  4. If you are satisfied with the identification, mark on your hardcopy that the other participant’s gpg fingerprint is correct and has been identified.

To speed up the first step, the hash sum is displayed or at least read out loudly by the organizer at the beginning, so each participant can compare it with the one filled out on the printout.

Depending on the number of participants it might be required to line up according to the number next to their key on the list.

After the Party

Try to make sure to sign the keys you verified within 4 weeks after the event. It is recommended to use caff to sign keys (one of the scripts of pgp-tools.

caff takes a list of keyids on the command line, fetches them from a keyserver and calls GnuPG so that you can sign it. It then mails each key to all its email addresses – only including the one UID that we send to in each mail, pruned from all but self sigs and sigs done by you. The mailed key is encrypted with itself as a means to verify that key belongs to the recipient.

Do not upload the signed public key to a public key server, so the owner of the key can decide what happens with your signature. If you don’t have an MTA (mail transfer agent) configured on your machine you can configure caff to use msmtp for mail transfer.

Configure msmtp

Please adjust the from, user, password, host, password and tls_trust_file (if needed) fields:

msmtp config:

Note: To use msmtp with Google Mail you have to generate an app password.

Configure caff

Please adjust the owner, email, keyid, local-user and also-encrypt-to fields:

caff config:

Link your gpg.conf file to caff

Sign key with caff

Match the fingerprint of each key and the user ID with the ones provided on the printout before signing.

Happy key signing and stay tuned for the next part of the OpenPGP blog series!