Trusted Signatures on your Public key?

Keith Owens
Thu Jul 19 12:47:01 2001

On Thu, 19 Jul 2001 19:58:26 +1000, 
Peter Lavender <> wrote:

>That's what I was curious about, just how do you do this, take your
>key on a floppy, and then get people to sign it.. then come home and
>import it?
Normally it is more indirect than that. You attend a conference, meeting, whatever where people exchange keys on some medium. That medium is usually paper, I carry slips with my key fingerprint, from gpg --list-key --fingerprint. You give those to other people who are exchanging keys, they verify your human identity (id card, passport etc.) then, at their leisure they can fetch your key, check against the fingerprint on paper, sign your key and either send to you or to a keyserver. There are variants, including getting people to sign your key on the spot. But that only works if they have their secret key available which means each person needs their own trusted machine. It takes long enough to verify id when there are several people, it takes even longer if you have to wait for signatures on the spot.