Resign existing key with higher trust
David Shaw
dshaw at jabberwocky.com
Sun Nov 9 16:30:16 CET 2008
On Nov 9, 2008, at 6:56 AM, Loren M. Lang wrote:
> I cross-signed two of my keys without specifying a certification
> level,
> but now I want to change the certification level to positive since
> both
> are mine and on the same key chain, but GnuPG doesn't let me saying
> I've
> already signed them. I have no need to revoke the existing
> signatures,
> I just want to increase the certification level and generate new
> signatures.
You have a few options here. If you haven't sent the key to a
keyserver (i.e. nobody but you has the signature in question), then
just use "delsig" to delete the signature. Then sign it again however
you like.
If you have already distributed the key with the signature in
question, the usual way to handle this is to revoke the old signature
(revsig) and then sign again. I'm not sure why you object to that -
it gives you exactly what you want.
If you really want to sign it again without deleting or revoking the
original signature, then you can re-sign it by adding --expert to your
command line. GPG will tell you you've already signed the user ID,
but then offer to sign it again anyway. Note that the end result of
this would be two signatures from you on the particular user ID.
David
More information about the Gnupg-users
mailing list