Why shouldn't I bring a computer to a key-signing party?
Quote from Wikipedia:
Although PGP keys are generally used with personal computers for Internet-related applications, key signing parties themselves generally do not involve computers, since that would give adversaries increased opportunities for subterfuge. Rather, participants write down a string of letters and numbers, called a public key fingerprint, which represents their key. The fingerprint is created by a cryptographic hash function, which condenses the public key down to a string which is shorter and more manageable. Participants exchange these fingerprints as they verify each other's identification. Then, after the party, they obtain the public keys corresponding to the fingerprints they received and digitally sign them.
another one from openwest:
If you bring a computer, please keep it in your bag and powered down during the party. This is for security measures to prevent the spread of malicious software, the misplacement of private keys, and damaged or misplaced equipment.
Firstly, that statement doesn't mean "don't bring a computer"; it means " you don't need to bring a computer". Many people going to their first key signing party are likely to assume that, since the keys are intended for use on computers, they will need to bring a computer containing their keys, signatures, or encryption software. What actually happens is that the verification of the keys takes place using key fingerprints without any computers and is entered into an online database after the event from participants' own computers at home.
Secondly, as a computer is not used at the key signing party, it is generally discouraged to take a computer to a key signing party. Having unnecessary computers at an event of that kind is a large security risk, as a malicious participant could use another participant's computer to sign his own key with the other participant's signature, or he could even steal other people's private keys or distribute malware. In short, computers are not necessary at key signing parties and having them present would introduce all the security risks that computers inherently bring with them, which is never a good idea when those computers are likely to contain private encryption keys, so most key signing parties prefer participants to write public key fingerprints on paper and keep their private keys safely at home.
It is a matter of speed and convenience, for the most part.
Your basic options for signing a key:
Both participants set up their computers next to each other, one reads off their fingerprint, the other verifies at the same time, then the key is signed immediately.
One participant shows their computer screen with the fingerprint to the other, who writes down the fingerprint.
The signee hands over a small piece of paper along with their photo ID, and the signer keeps the paper.
It is obvious to see that method 3 is way faster than the other two. By asking people to not bring computers, they are implicitly asked to bring enough copies of their key, or to register beforehand so they can distribute a list of fingerprints (you will need to verify that the key in the file is yours, and they will read a checksum of the file in the beginning).
Shameless plug: If you have only ASCII characters in your name, the gpg-key2ps
script may be helpful to you -- it is always a good idea to have a few keyslips in your pocket.