Welcome To The New York Linux Users Group
NYLUG GPG Keys Services

Keysignings take place immediately after every meeting:


Please be sure to bring a hardcopy printout of your 40-character key fingerprint.



Step by Step Instructions:

To prepare for the keysigning, please follow these steps:

  1. Install GnuPG
    This is best done via your package management system.

    On Debian based systems: apt-get install gnupg signing-party

    Alternatively, you may install it using one of the following:
    RPMs
    tarballs
    on Freshmeat
    home page

    For your Windows system, go here.

  2. Create your key pair.

    To generate your public/private key pair:

    gpg --gen-key
    

    You can safely accept all the defaults when it asks you about encryption algorithm, keysize, and expiration. You will also have to enter your name, email and some comment about yourself. The comment is not mandatory.

    You'll then be asked for a symmetric-crypto "passphrase" (some phrase you can easily remember): It will be used to encrypt the copy of your private key stored on your hard drive. You will be prompted for it any time you want to use your private key.

    gnupg will then work for a while, doing the number crunching involved in creating your keys. You'll be prompted to generate random activity with your mouse and/or keyboard, during the time it's working. Eventually, it will say it's finished, resulting in:

    ~/.gnupg/pubring.gpg
    ~/.gnupg/secring.gpg
    

    These files hold your public and private (secret) keyrings, respectively. Other keys (e.g., from other people you deal with) can be added to your public keyring. To list the contents of your public keyring:

    gpg --list-keys
    
    Also immediately do:
    gpg --output ~/.gnupg/revoke.asc --gen-revoke yourusername
    
    (You can use your e-mail address, instead of your username.) This will create ~/.gnupg/revoke.asc, which is a revocation certificate. You would publish this in the future if you ever need to get the word out that your keys should no longer be trusted. You might have to do this if your keys are compromised or if you forget your passphrase. (This is why you generate your revocation certificate immediately. Presumably, you haven't forgotten your passphrase already!)

  3. Print out your keyid and fingerprint.

    Bring this hard copy printout to the keysigning.

    gpg --list-keys --fingerprint <username>
    

  4. Mail a copy of your public key to the organizer of the keysigning.
    gpg --export --armor "your@email.address" > yourname.asc
    
    Then email that file to the organizer, gpg-public-keys@nylug.org

There is much more to PGP and to keysigning and we will certainly spend time discussing this at the keysigning. Please come and ask questions at the meeting.

And here's what to do after the keysigning:

  1. Determine whose keys you wish to sign.

    Use whatever notes you made at the keysigning. You might want to mail the individuals to make sure that they have a valid and working email address.

  2. Make sure you have a copy of the key in your keyring.

    If the key resides on a key server, you can retrieve it with this command:

    gpg -v --recv <keyid>
    
    where the keyid is the 8 character identifier for the key.

  3. Sign the key in your local keyring.
    gpg --sign-key <username>
    
    where the username is the username of the person whose key you wish to sign.

    You will be prompted for your passphrase since you're using your private key to do the signing.

  4. Send the key back to the owner.

    You would likely do this through the same mechanism through which you originally received the key. If the owner mailed you a copy of the key, you would mail it back.

    After running this command,

    gpg --export --armor --output keyfile.asc <username>
    
    mail the keyfile.asc to the owner of the key.

    If you retrieved it from a key server, you would put the key back onto the keyserver. Your new sig will be transported along with it.

    gpg --send <username>
    

    Remember, the usernames listed above are the username of the owner of the key you are signing, not your own username.

  5. Inform the key owner.

    As a courtesy, it's always nice to let the owner of the key know that you've added another signature.
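
Before signing, compare the 40-character fingerprint on the owner's printout with the fingerprint of the key you actually fetched. The following is an added example, not part of the original NYLUG instructions: the function names are hypothetical, the listing is a constructed sample (not a real key), and it assumes the machine-readable output of gpg --with-colons --fingerprint.

```shell
#!/bin/sh
# Added example: check a printed fingerprint against a fetched key.

# Strip spaces from a typed fingerprint, uppercase it, require 40 hex digits.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF')
    case "$fpr" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Read `gpg --with-colons --fingerprint <key>` output on stdin and print the
# primary key's fingerprint: field 10 of the first "fpr" record after "pub".
# Later "fpr" records belong to subkeys and are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Exit 0 only if the printout matches the fetched key's full fingerprint.
# Exit 2 if the printout is not a full 40-hex-digit fingerprint (for example
# an 8-character key ID), exit 1 on a mismatch.
fingerprint_matches() {
    expected=$(normalize_fpr "$1") || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# Constructed sample listing (not a real key), so this runs without gpg.
SAMPLE_LISTING='pub:-:1024:17:89ABCDEF01234567:1197349740:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1197349740::::Example User <user@example.org>:
sub:-:2048:16:0FEDCBA987654321:1197349740::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Real use, with the key already in your keyring:
#   gpg --with-colons --fingerprint <keyid> \
#     | fingerprint_matches "<fingerprint from printout>" \
#     && gpg --sign-key <keyid>
```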

Here are a few references:
Enigmail GnuPG extension for Mozilla Thunderbird
The GnuPG Handbook
How PGP Works
Keysigning Party Guide
OpenPGP RFC 2440
Mutt-i, GnuPG, & PGP HOWTO

Drew Streib does "Six degrees of Ted Ts'o" using GnuPG
Justin R. Miller's GnuPG HOWTO

Many thanks for these instructions go to Rick Moen and Drew Streib, and Ari Jort, who put this page up and got things started.

Please bear with us as we get these keysignings underway again.





Last Updated 2007/12/11 00:09 -0500 by rg
Billy was a good dog.