Trusted Signatures on your Public key?

Marc Mutz
Thu Jul 19 14:04:01 2001

Hash: SHA1

On Thursday 19 July 2001 11:58, Peter Lavender wrote:

> * Marc Mutz ( wrote:
> > Basically, yes. You go to key-signing parties of your local
> > <insert-os-here>-User-Group or bug people on expos. Or you search
> > for people you may get your hands on using the keyserevers.
> I have the FAQ here, but I gather how to do this, ie how to get
> signatures on your public key is discussed in the docs?
> That's what I was curious about, just how do you do this, take your
> key on a floppy, and then get people to sign it.. then come home and
> import it?
<snip> print the output of gpg --fingerprint --list-keys <my-key-id> several times (_many_ times if you want to go to somting as big as LinuxTag - calculate in the 50-or-more regime) and sign it (by hand, i.e. with a pen as you would sign a contract). The others will do the same and on the event, you just exchange these papers. After a look at the other one's passport or driving license (or whatever -see different thread), you sign _his_ paper and take it home with you. There, you compare the fingerprints on the paper with the one shown by GnuPG from the downloaded pubkey and if they match, you sign the peer's key and send it to him. You may additionally send an encrypted "ping" message to all UIDs on the peer's key before signing just to make sure that the peer is in fact in control of all UIDs and has the secret key. Marc - -- Marc Mutz <> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see iD8DBQE7VuiE3oWD+L2/6DgRAhaoAJ4niQ8ikJrlDBupjPfWgacIXev0rACggv2t 8K8vcAxuxoOvaHbGb4WQRNQ= =7bGo -----END PGP SIGNATURE-----