Confused about User IDs

Steven E. Harris
Mon Feb 5 05:00:01 2001

I'm having trouble understanding the use of User IDs in GnuPG. I have
an existing key that I created with reference to my personal e-mail
account. I keep the private key at home. Given that I'd also like to
use encryption when communicating with people by way of my work e-mail
address, I thought maybe I should add a User ID for the work
account. Following the instructions in the GNU Privacy Handbook, I
added this second User ID.

What purpose does having multiple IDs serve, though? Is the idea that
someone looking for my public key who knows only one of my e-mail
addresses will be able to find it?

The GNU Privacy Handbook says:

> The user IDs associated with your public master key are validated by
> the people with whom you communicate, and changing the master key
> therefore requires recertification. This may be difficult and time
> consuming if you communicate with many people.
Does that mean that when I "get my key signed," I'm really getting a particular User ID signed? That is, are these verification signatures bound to a particular User ID and not to the master signing key? If this trust is split, then what's the advantage of combining multiple User IDs under a given master signing key? -- Steven E. Harris :: Tenzing ::