CAcert Assurance (and PGP key signing) WoT Party

CAcert certificate (and PGP fingerprint) identification is based on multiple (the more the better) persons doing an identification check with official identity document(s), like a driver license, passports, identity cards, etc.: the Web of Trustworthy. The Web of Trust is basically a reciprocal process: one has to identify to each other.

The party is essential to strengthen the Web of Trust and keep the security technique open and freely available. Usually at CAcert assurance party one can do PGP key signing as well.

Have your identity checked at the party and bring with you a governmental issued identity document.

The procedure for the assurance is simple.

Be prepared and follow the instructions, so the enormous success other assurance parties can be repeated. If you do not join time of the party make sure you use the excuse of “can you sign my PGP key” or “can you assure me for CAcert” to start a chat with a random person at your event.

GPG/PGP and digital X.509 certificates are both en/decryption and signing applications. GPG is merely used in securing open source software package distributions. The open source technique is GNU GPG. X.509 is merely used in signing documents and securing internet communications (e.g. SSL). The open source technique is OpenSSL.

At the party location make a line: one for PGP signers and and one for CAcert Assurers.

Visitors willing to be assured or have their fingerprint signed will pass and show their identity papers.

The name on the identity paper should be exactly the same as on the assurance form. Assurance papers will be signed. Assurance points will be assigned.

CAcert Assurances

Stuff to do right now e.g. at home

More official proofs of identity give you more Assurance Points. With at least 50 Assurance Points you have your name on the certificate. With the Agreement ticked and signed you join the CAcert Community and will be able to get an issued certificate signed with the new CAcert Root key, which is hopefully included in the browser mainstream soon this year.

For CAcert Assurers: Assurers are those who have collected at least 100 Assurance Points and passed the ''Assurer Challenge'' (make sure you did). As multiple names as on the identity papers are allowed but not implemented yet, the Assurer is asked to note the shown name as well the “similar” name on the web interface on the signed form. If the CAcert Community Agreement has been agreed (tick on the form) the Assurer is asked to add +CCA on the location field on the web interface. The Assuree needs to understand the CCA. Read the Certificate Policy Statement of CAcert (CPS DRAFT). Allow the Assuree to provide him with the Assurer identity and email contact address.

For CAcert Assurers there will be available free Assurer pins to help you to identify as Assurer.

More CAcert information:

Introduction to the CAcert Assurance Program

Organise an Event:

Organise an CAcert Event

GPG/PGP key signing

Detailed instructions on how to join the PGP Keysigning Party are published at

Stuff to do right now

Submit your PGP public key to the HKP keyserver e.g. at, to do this run:

 gpg --keyserver hkp:// --keyserver-options export-minimal --send-keys ''yourkeyid''

Where yourkeyid is e.g. 0B86B067. See e.g. the output of

 gpg --fingerprint ' ''Your Name'' '

which looks like:

 pub 2048D/0B86B067 2006-02-27
 uid Jos ven Bal [...]
 sub 2048g/F0B86553 2006-02-27

You need the key id 0B86B067 on the line with pub.

Make sure you print off at home a bunch of finger print slips and bring them with you to the event. For every PGP signature you need one slip.

AssurancePreparations (last edited 2009-11-21 23:41:34 by SunTzuMelange)