Zimmermann–Sassaman Key-signing Protocol

In cryptography, the Zimmermann–Sassaman key-signing protocol is a protocol to speed up the public key fingerprint verification part of a key signing party. It requires some work before the event. The protocol was invented during a key signing party with Len Sassaman, Werner Koch, Phil Zimmermann, and others.


Sassaman-Efficient


Before the party

The Sassaman-Efficient method is the first of the 2 types developed. Before the event, all participants email their public keys to the keysigning coordinator. The coordinator compiles a text file listing every key with its accompanying fingerprint, hashes the file, and makes both the text file and its checksum available to all participants. Each participant downloads the file and checks its validity against the hash, then prints the list and makes sure that their own key is correct.


During the party

Everyone brings their own copy of the key list, so that they know it is correct and has not been manipulated. The coordinator then reads aloud or projects the checksums of the keys. Each participant verifies and states that their key is correct; once that is established, a check mark can be put by that key. Once all the keys have been checked, the line folds upon itself and the participants show each other at least 2 government-issued IDs. Once a participant is sufficiently satisfied of the other person's authenticity, they put a second check mark by that person's name.


After the party

The participants then fetch the keys from a server or obtain a keyring made for the event. They sign each key on their list that has 2 check marks and make sure that the fingerprints match. The signatures are then uploaded to the server or mailed directly to the key owner (if requested).
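The bookkeeping behind the three phases above, as an added example that is not part of the original page or of any keysigning tool. SHA-256, the `FINGERPRINT  owner` file layout, all function names, and the sample names and fingerprints are assumptions made for illustration.

```python
import hashlib

# Constructed sample data: these names and fingerprints are made up.
PARTICIPANTS = [
    ("Alice Example <alice@example.org>", "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"),
    ("Bob Example <bob@example.org>", "89AB CDEF 0123 4567 89AB CDEF 0123 4567 89AB CDEF"),
    ("Carol Example <carol@example.org>", "FEDC BA98 7654 3210 FEDC BA98 7654 3210 FEDC BA98"),
]

def normalize(fpr):
    """Compare fingerprints without regard to spacing or case."""
    return "".join(fpr.split()).upper()

def build_key_list(participants):
    """Coordinator: one 'FINGERPRINT  owner' line per key, in a stable order."""
    lines = [f"{normalize(fpr)}  {owner}" for owner, fpr in sorted(participants)]
    return ("\n".join(lines) + "\n").encode("utf-8")

def checksum(data):
    # SHA-256 is an assumption; the page only says the file is hashed.
    return hashlib.sha256(data).hexdigest()

def parse_key_list(data):
    """Map owner -> fingerprint from the list file."""
    entries = (line.split("  ", 1) for line in data.decode("utf-8").splitlines())
    return {owner: fpr for fpr, owner in entries}

def check_download(data, announced, my_name, my_fpr):
    """Participant, before the party: file matches checksum and own entry is right."""
    if checksum(data) != announced.strip().lower():
        return False
    return parse_key_list(data).get(my_name) == normalize(my_fpr)

def keys_to_sign(data, marks, fetched):
    """After the party: owners with both check marks whose fetched key matches the list."""
    return sorted(
        owner for owner, fpr in parse_key_list(data).items()
        if marks.get(owner) == (True, True)
        and normalize(fetched.get(owner, "")) == fpr
    )

if __name__ == "__main__":
    key_list = build_key_list(PARTICIPANTS)
    print(key_list.decode(), "sha256:", checksum(key_list))
```

Here `marks` maps each owner to the pair (key confirmed by owner, identity verified), and `fetched` maps each owner to the fingerprint of the key actually retrieved after the party; a key that lacks either check mark or whose fetched fingerprint differs from the printed list is left unsigned.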


Sassaman-Projected

The Sassaman-Projected method is a modified version of Sassaman-Efficient, intended for large groups. Both follow the same procedure except for identity verification: instead of being checked individually, the 2 forms of ID are projected for everyone to see at once. Once the person has verified that it is their key, the rest of the participants make 2 check marks next to the key.


See also

* Key signing party
* GNU Privacy Guard
* PGP


External links


keysigning.org – Procedure for Sassaman-Efficient method

