An Explanation…

A keysigning party? What?

Well here’s a brief explanation. Encryption is a process, in basic terms, where data of some kind is scrambled beyond recognition to keep prying eyes from reading the information. Data can also be “signed” which doesn’t obscure the information but will provide indication in the event that the information is been tampered with.

For either of these processes, keys are required. Much like those you have in your pocket, encryption keys will allow or prevent access to information. In public key cryptography, each key is split into two parts. The secret part is kept by the owner and is not shared but the public part is shared with everyone else. This system allows a variety of functions.

Someone possessing your public key can encrypt files to you or verify your signature on a file you signed. With your secret key you can decrypt files encrypted with your public key or digitally sign files.

The last part of this process is “trust.” You must have some way of determining that a particular key belongs to a particular person. Just because it has their name and email address identified in the key does not mean that the key actually belongs to them. If your good and reputable friend brings you a key, and tells you it’s his key, you can most likely trust that it is his. What happens when you exchange information with someone you don’t know?

The trust model helps to sort through some of this. When you sign your friend’s key, you’re saying that you’re sure that the key you signed actually belongs to the friend identified on the key. If your friend knows that you will not sign a key without verifying the owner then he could identify your signature as trusted. This means that he would place a higher level of trust on any keys signed by you even if they are held by someone that he’s never met before.

As time goes on this process begins to form a “web of trust” where keys can be identified as trusted as a result of the verification signatures attached to the key. Keysigning parties basically allow an environment where people share identification to prove their identity and then digital signatures are exchanged to increase the trust placed on their keys.

This is a really quick and dirty description of a rather complex process and I’ve made some very general statements in regard to trust. Hopefully I have at least raised your interest and desire in wanting to find out more information about the process.

Read More