[FOSDEM] Experimental tools to make the key signing party easier

vatral at vadim.ws vatral at vadim.ws
Thu Jan 30 01:57:55 CET 2014


Greetings!

I apologize if this is not the right list, but I didn't find a more
specific one. I'm developing a set of tools to make large key signing
parties like the one here much easier, and I think I got far enough to
make it usable at this one.

WARNING: This is under development, not done yet, and lacks features.
I highly recommend that anybody wishing to test it first print the
official list.

Here's the link:

https://github.com/vatral/KeySigningPartyTools


So what does this do? It's a set of tools to make pretty lists of keys
to print for the meeting, to make lists of keys to sign, and to import
signed keys from email. With this, even the results of a meeting as 
large as FOSDEM's can be handled in just a few minutes.

The ksp-makelist program reads the ksp-fosdem2014.txt file, and
produces a PDF with the same information. Except it's better
formatted, ensures a key is always fully on one page or on the next,
prints the photo on the key if there's one, and adds a QR code of the
fingerprint.

The ksp-scanlist program then scans QR codes and makes a text file
with the keys to sign. This makes the process after the meeting very
easy. Take a black marker, scribble over the QR codes for the keys NOT
to sign, and then hold the sheets in front of a webcam. Much faster
and less error prone than doing it by hand, and it'll even use eSpeak
to report progress, so that looking at the screen isn't needed.

The ksp-import-keys program comes handy once people start sending you
signed keys. It will read the mailbox and import keys from there
automatically.

I'll probably develop a dedicated key signing program, but for now
caff should do nicely.

Example commands for how to use this can be found in the README on the
github page.



Besides being much faster, I think this approach is more secure too.
The fingerprints are taken from the ksp-fosdem2014.txt file, and
scanned by ksp-scanlist, ensuring that the final list of keys to sign
includes precisely the fingerprints that were verified at the meeting.
This means that it's easy to check the fingerprints in the code, and
it's not necessary to verify by hand that the fingerprint in the paper
list matches the key in the keyring.

I'll be at the key signing party with a copy of the list my code
produces, and a laptop set up for a demonstration, in case anybody is
interested.


Comments, suggestions and patches are very welcome!




More information about the FOSDEM mailing list