GPG Intro & Keysigning Party « BSidesROC

GPG Intro & Keysigning Party


We will be hosting an introduction to GPG during BSidesROC, as well as a Keysigning party. The introduction will discuss why encryption is important, and briefly go over  how asymmetric encryption (like PGP/GPG) works.

Once the basics have been established, we’ll walk you through configuring GPG on your system, and help you generate the keys you’ll need to ensure your communication is secure. After all that setup, you’ll be set to participate in the keysigning party we’re hosting. Keysigning parties allow folks to add to their web-of-trust, and meet new friends.

If you already have keys, and know how GPG works, that’s great! Skip the intro, and just show up for the keysigning.

To participate in the keysigning event, you will need to have the following:

  • A PGP/GPG public key uploaded to one of the public keyservers, or
  • A printed copy of your public key that shows the public key fingerprint
  • Some form of ID that proves you are the person listed in the key

If you’ve never generated a public key, we can help guide you through the process during the vent.

If you’d like to be involved in this, and get the free beer that comes with it, please register.



To get ready for the key signing party, follow the steps below:

  1. Generate a new key if you’ve never done so before
    gpg --gen-key
  2. Get your key ID
    gpg --list-keys
  3. upload your key to a key server like so:
    gpg --keyserver ldap:// --send-keys XXXXXXXX
  4. Print your key fingerprint
    gpg --fingerprint XXXXXXXX
  5. Copy the long key fingerprint and print it along with your name on pieces of paper to hand out. Print this out 20+ times to make sure you have enough copies.
    pub 1024D/FDB4E17D 2008-09-14
    Key fingerprint = 42E3 A487 909B E4ED 995F B083 CE84 AEC7 FDB4 E17D
    uid Anti-Tree <[email protected]>
    uid Anti Tree <[email protected]>
    sub 2048g/6A0EE10F 2008-09-14
    sub 2048R/F0F79EF5 2010-01-31
  6. Bring this paper and a proof of your ID. If you are not using your real name, make sure you can confirm that your email address is legitimate by exchanging a quick email on your mobile devic