Key-signing party!

[Ian Maxwell]

Here's the idea:

• Post your public key fingerprint here.
• Offer some solid evidence that you own that key. (You can decide what constitutes solid evidence. Or, more accurately, your audience can.)
• We all collect and sign one another's keys, provided we're convinced of their identity.

For example, I just posted the following message in another thread.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am the real Ian Maxwell with public key fingerprint BFBC8D95. My key is only self-signed, but you can verify it by doing the following:

- - -  Send an email to ian.maxwell@gmail.com with subject line "BFBC8D95" and body text "bitcoin".

- - -  I will respond with a signed message referencing this one.

If you do verify my identity, I ask that you sign my public key afterward.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBTdfdNnO2hWa/vI2VAQJ29BAA5sIRG6i+yrZ9XSGejecHD8bKORebLLfR
4iynImjzs2ecYU6g0E5K3gLZlOnVZmnpRlhaTHgsKl/by55XA7uJq9ITXuurrRQN
2J+J280zbmA+QtbE8ulENfRbmPkPfEmwJEZedLg70rsdHFbt54bUFnlB2pViflRA
wDFBB+o8jB4sc1mRPtxpRfGDMARaGBzXV+xI/NYTUfzpvmfhNeErfPzCqeLttnTo
QCI9y1+vBHnzsyFKi9DMwrMi0C1fy82RVzG0s0/VLqZa4oDcJbJXm/IucAYW64Kz
QbT/3eJ/d7PWhwcWTCefDA96/zT3HT+TyNMdrMoumRcpB6MKT3Sv41xMXsgP1nb4
u/CGZ6NR+lwbPV4GMLahMIM5W41XWD67LlHetPKXlHSjO0VAUmvYiF22nSErQMj1
B6Dq0RQ/8bpqK/WLXOBP/pEMQSC1ZquqDKs72DT8tQkYQmNiMOoC4A+7CcqNyFxz
JFW70Bjmq1fABKLfVs7Au4gu2AJFOofv5u751hMIS2+aumaaRvsxU8f3VGBweaRh
SZFiBk52SGJWVkooYqUSgZXZTphdgmUg3PUSswLrHtJtwuF7H0IkMfStzeejkSys
XFPUZ3YCQc7/Kw3yxSDpLAn2Y4DNSvbcwZFjZN+ZahGMmuli09zORw869Lp7PQ5j
RVTFPiPiUQE=
=o3wJ
-----END PGP SIGNATURE-----

Note: although I'm revealing my offline identity, this is not required! You can use a pseudonymous key if you like, as long as you can prove it's yours. Signing a message with it may be enough.

[1713564377]

1713564377

[1713564377]

1713564377

[1713564377]

1713564377

[FatherMcGruder]

Mulling this over...

[kseistrup]

I'll bite:

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I'm the real Klaus Alexander Seistrup with public key fingerprint EF41 41A1 2900 CE74 1F0C C704 6EB6 06A3 8851 0169.

To verify my public key, please follow the instructions at http://klaus.seistrup.dk/pubkey_verify.txt

If you do verify my identity, I ask that you sign my public key afterward.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJN1/7UAAoJEG62BqOIUQFpeaoQALNycrUVljIK7u832SUrMpti
ZeDKrLC0MYnCPTaWXxPe1fyDFo3o/06iwDtYl7k1z0epqA9cswxwZdIWv2e9RhHl
u1UXoY2++FdrwhWlJBh2OZtT+W+0TpM5nQ8zbJxYndcB/DktUtz2LeRW2hMvoCbX
9DrydXoDcipQwo9R+UYpjVppYF7XoiBcSNnFmEwADzh7Q0/7r1R4O5d8p23P7CdJ
D+uzaaGTtvIIqhEBJVCVh00K/rLDBYfvpIRQpGtkKAuKdj1JasRdh1A9D0dP0ud5
35NH0yrg6Pg86w5yNnPolSTr23Yaf+CGxWBPFw6OjSq+GHa2DKrImAXZ/M8iV3b1
2FTDvp9cbCwPKZFHcG+6ZN+na0qoenCzfeycWfdJUnaQuF//YA+QNI++fI5+Pj3g
VAz0ONzbak7MaS1L56iQpmmro0o1mYX7BGpiZDV3pOCZ5HYkCTcve3FTo18tsvdF
Geu0+xZpPGw68NXdNJ0qq6ORSlgPwmG+18LibE8aoRbRL4N5fGE8jExtqVuBaEFv
4h5q5fM/q9CYihFzqLDhDc1D0BP3NY6pnVDKfKXWsE/BjPQT57OiPNzc9fXPHdxC
fSf27GfTQivnTGVY+yXXJptLXdZcmhhwrbjuvVT3Wz7o+jR2Be+d6Oi9zclPfc1a
qWvrSIF1pNNt+TnqbUhF
=vgiB
-----END PGP SIGNATURE-----

Cheers,

[kseistrup]

Houston, we have a problem:  Gmail breaks long lines, causing a bad signature.  Dammit, Gmail! 

[Ian Maxwell]

Thanks for figuring out the problem! I was about to post it myself.

I'll have to edit my auto-response to include line breaks for long lines.

[kseistrup]

I just updated my auto-response, too, in order to avoid long lines.

[Ian Maxwell]

Problem: it's still breaking up the signature itself. Never mind, fixed. Try again.

[kseistrup]

Problem: it's still breaking up the signature itself.

Really?  I chose “Show original” on my own auto-response and saved it to a file, then veirified the signature.  Could you try mine again, please?

Cheers,

[Ian Maxwell]

I've tried again and verified (and signed) your key! One of my extensions had stuck an image in the middle of your message, and I forgot to "show original" before checking it.

Mine should be fixed as well now.

[kseistrup]

I've signed yours, too.  I think this is a pretty cool way of holding a key-signing party!! 

Cheers,

[FatherMcGruder]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am the real Kurt Padilla. My public key fingerprint is 5D67 9B6C 3A35 D9B5 5A76 42F9 D188 DC4D FF7E 7CCD.

To verify my public key, please send an e-mail to kurt dot padilla at gmail dot com with "FF7E7CCD" in the subject and "bitcoin" in the body text. You'll then receive a signed response referring to this post.

Once you verify my identity, please sign my key.

Thanks!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAk3Yg/sACgkQ0YjcTf9+fM1e1AEAhh11JoSrd11gdArlF9lMvVa1
mLingKrX/HIivvtINj4A/jirwuSwH7WXBb4qM1o5MZSEFWEAcSbMeX9yRdb3u67D
=Nicc
-----END PGP SIGNATURE-----

[kseistrup]

You'll then receive a signed response referring to this post.

If this is supposed to happen automagically, it didn't…

Cheers,

[Matt Corallo]

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am the real Matt Corallo
My key fingerprint is 0A82 5097 67C7 D4A5 D14D  A230 1AE1 D350 43E0 8E54.

To verify my public key, please send an email to pgp-verify@bluematt.me and you will receive a this signed message in an email.

Once you've verified my identity, please sign my key.

Thanks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJN2PC+AAoJEBrh01BD4I5U74MP/R7ht5e7oNbZ9xFtJsAt0dU4
UDLwyOHXQ0Xj0aDDnKgP/0GewDReB4qdj26sCzEizVEEDuVu7apXs4Sotqg8ney5
qpo5B6ltMiSZiHB+TInrDInpkxUl51EZ8kBm5YdQNbkqoFjuWuAw7hxae6gVqbxm
5RNtuxKdVzwgybFj1w51u1Ntai/1kJsa7zJeIClZ1ilxB+m5g0mLfolKAXRc5XGs
f/JgWaD+9lT8ZlJjh4poJnwF/lb0+LOdfhxX0RsmaRkGiCXFy2nRp+0rmOO0nfvw
JC5sJ4mgr50H+mNAtVXBuCQ4hpSGXfMDZ7XxGd8mrUHULS3cJAEJ3wxq2hygAs/p
MH1+2aiquqxXepOCWn52HT1zyjsvPolV+5Wy3Ttw9eeX+X78GnqlM/MfuxpB9iig
4FRLqHICsU4J234DHzZthaNxx6b6VkvBtkvKUE6+aWN9/AqrN+GlHirsDF9WSfaK
UNMhlhHq9wg48Ug1M0AY2tI37Wx2/GqnDgrtXHFBryqTFTrFW+OJ/O3TGPv7tu0K
ga5qvEsDg4y70OUAQnUPR7A1LWu6xbDftWJW80RI1YDbJp4vv234q28CXwEVgtu5
mT5DmYOy9ENT5pkVFCeGlfA4L2P5dHAbPKSmUa0SOMwPz1KUOaw5/1YFpSTs0SVS
LTUFghypj4mhM4OZApGU
=ogn9
-----END PGP SIGNATURE-----

[kseistrup]

Matt,

The following two lines were broken in the autoresponse I received:

Code:

My key fingerprint is 0A82 5097 67C7 D4A5 D14D  A230 1AE1 D350 43E0 8E54.

To verify my public key, please send an email to pgp-verify@bluematt.me and you will receive a this signed message in an email.

You might want to introduce hard line breaks in your text before signing it.

Cheers,

[Matt Corallo]

Matt,

The following two lines were broken in the autoresponse I received:

You might want to introduce hard line breaks in your text before signing it.

Cheers,

Good point, sorry I still haven't set up the autoresponse yet, waiting for gitian to finish with its kvm magic so I can use VBox to manage my postfix server, the response was manual... Ill have it working after a while.

[kseistrup]

Good point, sorry I still haven't set up the autoresponse yet, waiting for gitian to finish with its kvm magic so I can use VBox to manage my postfix server, the response was manual... Ill have it working after a while.

Cool.  Meanwhile you can verify mine.   

Cheers,

[Matt Corallo]

Good point, sorry I still haven't set up the autoresponse yet, waiting for gitian to finish with its kvm magic so I can use VBox to manage my postfix server, the response was manual... Ill have it working after a while.

Cool.  Meanwhile you can verify mine.   

Cheers,

Took long enough, but I finally got maildrop to push through sendmail to forward through postfix through the relayhost.

[kseistrup]

To verify my public key, please send an e-mail to kurt dot padilla at gmail dot com with "FF7E7CCD" in the subject and "bitcoin" in the body text. You'll then receive a signed response referring to this post.

I've received a few responses referring to this post, but all of them were unsigned…

Cheers,

[FatherMcGruder]

If this is supposed to happen automagically, it didn't…

Cheers,

The automagic should be working now, I think. Apologies to anyone who got more than one response, or got responses that weren't very good. I'm using Thunderbird, if anyone has any tips on that.

[kseistrup]

To verify my public key, please send an e-mail to kurt dot padilla at gmail dot com with "FF7E7CCD" in the subject and "bitcoin" in the body text. You'll then receive a signed response referring to this post.

I've received a few responses referring to this post, but all of them were unsigned…

I've now received a bunch of signed messages.  The showstopper now is that they've been converted to HTML after signing:

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=ISO-8859-1">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    -----BEGIN PGP SIGNED MESSAGE-----<br>
    Hash: SHA256<br>
    <br>
    Hi,<br>
    <br>
    You've received this message because you followed the instructions
    in this forum post:
    <a class="moz-txt-link-freetext" href="http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453">http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453</a><br>
    <br>
    In it, I stated that I am Kurt Padilla and that my public key
    fingerprint is 5D67 9B6C 3A35 D9B5 5A76 42F9 D188 DC4D FF7E 7CCD. As
    such, you can verify my identity, or at least that I own both
    <a class="moz-txt-link-abbreviated" href="mailto:kurt{dot}padilla{at}gmail{dot}com">kurt{dot}padilla{at}gmail{dot}com</a> and FatherMcGruder on the Bitcoin.org forums.<br>
    <br>
    Once you do, please sign my key.<br>
    <br>
    Thanks,<br>
    Kurt<br>
    -----BEGIN PGP SIGNATURE-----<br>
    Version: GnuPG v1.4.11 (GNU/Linux)<br>
    <br>
    iF4EAREIAAYFAk3ZGvsACgkQ0YjcTf9+fM3NtAD+LI/2pZ9v1uWRbUoT9XWXfyl7<br>
    6+zR9kSh0hZT0fITD+gA/RfweaUqCwYODY04G+zaNffWaCaCQxEU8JVrlDQbbJbo<br>
    =rgX9<br>
    -----END PGP SIGNATURE-----<br>
  </body>
</html>

Cheers,