Tools for people who attend key signing parties
Branch: master
Clone or download
Latest commit 535c3ee Jan 27, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin Remove push to scalar Jan 27, 2017
lib Remove push to scalar Jan 27, 2017
t Initial version Mar 2, 2013
.gitignore Ignore temporary files Mar 6, 2013
Changes ksp-check-fingerprints was obsoleted, fix docs Feb 2, 2015
dist.ini Fix Dist::Zilla config Apr 3, 2013


Tools for people who attend key signing parties.

List of tools

  • ksp-makelist: create a better formatted list in PDF format by reading a FOSDEM key list.
  • ksp-import-keys: automatically import signatures from a mailbox. Supports mbox files, IMAP and POP3 servers.
  • ksp-scanlist: scan QR codes from a list created by ksp-makelist, and generate a list of keys to sign.
  • ksp-list: process lists: check signatures, sign keys, mail signed keys


  • Digest::SHA
  • Digest::RMD160
  • PDF::API2
  • Barcode::ZBar
  • Crypt::GPG
  • Crypt::RIPEMD160
  • Mail::GnuPG
  • MIME::Entity
  • Email::Sender
  • Moose
  • qrencode
  • Vash (optional)
  • Speech::eSpeak (only for key scanning)


Programs can be run in place, like this:

$ perl ./bin/ksp-makelist


First, download the FOSDEM key signing party files. Here we setup a separate keyring, to avoid crowding the main one. This is optional.

$ wget
$ bunzip2 keyring.asc.bz2
$ gpg --keyring ~/.gnupg/fosdem2014.gpg --no-default-keyring --import keyring.asc
$ echo "keyring ~/.gnupg/fosdem2014.gpg" >> ~/.gnupg/gpg.conf

Generate a list:

$ bin/ksp-makelist --output fosdem_2014.pdf ksp-fosdem2014.txt

Print it, go to FOSDEM and mark the keys to sign. Then take a black marker, and cover the QR codes for the keys you are NOT going to sign, to make sure you can't scan them by accident.

Generate a list of keys to sign. Hold the printed list in front of a camera, and scan the keys. Close the camera window when done.

$ bin/ksp-scanlist --output selected_keys.txt ksp-fosdem2014.txt

Check whether the fingerprints in the GPG key ring match the ones that were scanned:

$ bin/ksp-list --check selected_keys.txt