Yesterday, I ran my first cryptography workshop and keysigning party at kwartzlab (actually, it was my first workshop, period). The turnout was actually a lot better than I was expecting. Unfortunately, I didn’t think to take pictures.
This post is mainly about my observations on how I’d do things differently if I were to run one again (and I probably will) as well as some reference notes for the people who attended.
What is Cryptography?
For those unfamiliar with cryptography, Khan Academy has an excellent series of video tutorials on the subject, although, they deal mainly with the basic mathematics behind the subject, which I find fascinating, but may not be your cup of tea.
How the Workshop Worked
The tutorial was broken up into two parts. The first part was a basic rundown on what public key cryptography is, and how to use GnuPG. This part ran pretty smoothly. The second part was the actual key generation and signing. Because of the large number of people present, this ran significantly longer than I had expected; I think I finally went home around 11PM.
How I’d Do It Better
Ideally, when you run a keysigning party, you want people to have their keys generated beforehand. Since this was a tutorial as well, this can’t really be done for some people, but it doesn’t take that long to generate keys.
I think next time, I’ll create some sort of script that will allow people to generate and print a sheet of paper, which can be cut into slips, containing their name, e-mail address, key ID, and fingerprint. Rather than signing the keys at the event, they can simply hand these slips out to the other participants (showing ID where necessary). Afterwards, people can just go home and sign the keys there using the slips to validate them. That way, only the people who are not familiar with the software will need to stay behind for help, and even then, they’ll probably get it after signing a key or two.
Using GnuPG through the Command Line
I was going to write an explanation of how to do the most common tasks in GnuPG, but I found this handy guide to using GnuPG on the command line so I won’t bother duplicating that effort.