Brussels / 31 January & 1 February 2015


Improving Key Signing Parties

Tools to make them easier, more secure, and much faster

KSP Tools is a set of tools to simplify and automate the tasks that are needed to attend a key signing party. They will significantly reduce the amount of work needed, and reduce the amount of errors that can be made. My aim is to reduce the amount of work to be done before and after the meeting to just 5 minutes, even with the large amount of people that attend the event at FOSDEM (~100 people), without compromising security.

I also hope to considerably shorten the amount of time that a key signing party takes through future work.

The current tools are:

  • ksp-makelist: Generates a better formatted key list for usage at a key signing party. It's better looking, more readable, more comfortable to use and can be processed automatically by scanning QR codes.
  • ksp-scanlist: Makes a list of keys to sign by scanning QR codes from the above list.
  • ksp-list: Performs operations on a list of selected keys like signing keys and mailing them.
  • ksp-import-keys: Connects to a mail server and automatically imports signatures people emailed to you.

The tools automatically check fingerprints and use a file format that is easy to handle with standard tools like grep and awk.

These tools were made after my experience with key signing parties at FOSDEM and I hope other people will find them useful.

After attending several key signing parties at FOSDEM I found that with a large number of participants it's a process that can take hours to finish the meeting, and a large amount of time afterwards to deal with the results. It's easy to make mistakes that make people waste their time, or that compromise security.

Since PGP signatures are widely used in Free Software development (for instance for signing packages), it's important to make the process as reliable as possible.

Signatures are also important for end users. Important packages like GPG or Tor are signed. The easier it is to participate in a key signing party, the more people will attend and will be able to know they got a good copy.

The tools are written in simple, clear code and follow the UNIX philosophy, making it easy to customize the process to your needs.


Vadim Troshchinskiy