Resign existing key with higher trust

David Shaw dshaw at jabberwocky.com
Sun Nov 9 16:30:16 CET 2008


On Nov 9, 2008, at 6:56 AM, Loren M. Lang wrote:

> I cross-signed two of my keys without specifying a certification level,
> but now I want to change the certification level to positive since both
> are mine and on the same key chain, but GnuPG doesn't let me, saying I've
> already signed them.  I have no need to revoke the existing signatures,
> I just want to increase the certification level and generate new
> signatures.

You have a few options here.  If you haven't sent the key to a  
keyserver (i.e. nobody but you has the signature in question), then  
just use "delsig" to delete the signature.  Then sign it again however  
you like.

If you have already distributed the key with the signature in  
question, the usual way to handle this is to revoke the old signature  
(revsig) and then sign again.  I'm not sure why you object to that -  
it gives you exactly what you want.

If you really want to sign it again without deleting or revoking the  
original signature, then you can re-sign it by adding --expert to your  
command line.  GPG will tell you you've already signed the user ID,  
but then offer to sign it again anyway.  Note that the end result of  
this would be two signatures from you on the particular user ID.

David
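
To check which of the outcomes described above a key ended up in, the certifications on each user ID can be read from `gpg --list-sigs --with-colons`. This is an added example, not part of the original post; it assumes the colon-listing layout from GnuPG's doc/DETAILS (key ID in field 5, signature class in field 11), and the sample listing, key IDs and names are constructed.

```python
from collections import defaultdict

# Certification signature classes from RFC 4880, section 5.2.1.
CERT_LEVELS = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}

# Constructed sample in the layout of `gpg --list-sigs --with-colons`.
# Key BBBB... certified one user ID twice (the --expert outcome) and
# revoked its certification on the other (revsig, not yet re-signed).
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1226000000:::u:::scESC:
uid:u::::1226000000::0000000000000000000000000000000000000000::Key One <one@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1226000000::::Key One <one@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1226100000::::Key Two <two@example.org>:10x:
sig:::1:BBBBBBBBBBBBBBBB:1226200000::::Key Two <two@example.org>:13x:
uid:u::::1226000000::1111111111111111111111111111111111111111::Key One <one@example.net>:
sig:::1:AAAAAAAAAAAAAAAA:1226000000::::Key One <one@example.net>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1226100000::::Key Two <two@example.org>:10x:
rev:::1:BBBBBBBBBBBBBBBB:1226300000::::Key Two <two@example.org>:30x:
"""

def certifications(listing, signer):
    """Map each user ID to the signer's certifications and revocation count."""
    result = defaultdict(lambda: {"certs": [], "revoked": 0})
    uid = None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub", "uat"):
            uid = None                      # signatures that follow are not on a user ID
        elif f[0] == "uid":
            uid = f[9]
        elif f[0] in ("sig", "rev") and uid and len(f) > 10 and f[4] == signer:
            sigclass = int(f[10][:2], 16)   # "13x" -> 0x13, trailing x/l = exportable/local
            if f[0] == "rev":
                result[uid]["revoked"] += 1
            elif sigclass in CERT_LEVELS:
                result[uid]["certs"].append((int(f[5]), CERT_LEVELS[sigclass]))
    return dict(result)

def multiple_active(listing, signer):
    """User IDs where the signer has more certifications than revocations + 1.
    Simplification: counts revocations, does not match them to a signature."""
    found = certifications(listing, signer)
    return [u for u, e in found.items() if len(e["certs"]) - e["revoked"] > 1]

if __name__ == "__main__":
    for uid, entry in certifications(SAMPLE, "BBBBBBBBBBBBBBBB").items():
        print(uid, entry)
    print("two unrevoked certifications on:", multiple_active(SAMPLE, "BBBBBBBBBBBBBBBB"))
```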


