comments on uid

Peter Lebbing peter at digitalbrains.com
Sun Mar 18 11:40:29 CET 2012


On 18/03/12 09:13, freejack at is-not-my.name wrote:
> Alright that's a good answer but aren't people just confirming the email
> address belongs to a known signer when they sign a key? Does it really
> matter what the UID comment is? I think it may be going a bit too far to say
> the UID is guaranteed.

Different people mean different things by signing a UID; they could
express this by policy. By the way, a UID doesn't even need to be of
the form "Full Name (Comment) <e@mail>" though it is certainly
recommended and standard.

So some people might not care about the comment part; others might. The
example I gave is clearly a case where it might matter. I certainly
would not sign the one with the comment "(US president)", but I haven't
personally formulated a policy on what I think about comments.

I think there are other mechanisms to add some comments to a UID, via
signatures with notations. Other people might know more about this. If
you want to add comments that you can freely change, this might be more
what you're looking for, rather than changing the UID.

I should note that many people actually *don't* check if the e-mail
address belongs to the person whose UID they sign. If this were as
"simple" to prove as it is to prove you have a certain name by showing a
passport or something, it might be checked more often. But that's
government regulated, unlike e-mail addresses. All you can easily prove
is that you have access to an e-mail account, which is something
completely different. Just to begin with: so does your e-mail provider.

> Do I have to do anything with the keys when adding a UID and deleting the
> old one? I don't remember.
>  
> [snip] 
> My question is on a situation I didn't add the comment by mistake when I
> created the key and now I'd like to be able to add a comment. The key isn't
> signed etc. Thanks.

If you haven't given the key to anyone (the copy in your own keyring is
the only copy in existence), you can just add the new UID with adduid
and then delete the old one with deluid. A key needs at least one UID,
so you first need to add a new one before you delete the last and only UID.

The only catch is that if there is a copy in existence with the old UID,
and you import to that keyring the new version with the new UID, it will
have both UIDs.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
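
Added example, not part of the message above and not GnuPG code: a small parser for the conventional "Full Name (Comment) <e@mail>" layout. It shows which parts of a UID a certifier's checks leave uncovered, and why an old UID survives when keyrings are merged. The function names, the "verified" policy set and the sample UIDs are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Conventional layout named in the post: Full Name (Comment) <e@mail>.
# A UID is free text, so anything that does not match is kept as-is.
_UID_RE = re.compile(r"""
    ^\s*(?P<name>[^()<>]*?)\s*         # full name (may be empty)
    (?:\((?P<comment>[^()]*)\)\s*)?    # optional (comment)
    <(?P<email>[^<>\s]+@[^<>\s]+)>\s*$ # <address>
""", re.VERBOSE)

class ParsedUid(NamedTuple):
    raw: str
    name: Optional[str]
    comment: Optional[str]
    email: Optional[str]
    conventional: bool

def parse_uid(raw):
    """Split a UID into name/comment/email, or flag it as free-form."""
    m = _UID_RE.match(raw)
    if not m:
        return ParsedUid(raw, None, None, None, False)
    return ParsedUid(raw, m["name"] or None, m["comment"], m["email"], True)

def unverified_parts(raw, verified):
    """Parts present in the UID that the signer's checks did not cover.

    A certification covers the whole UID string, so every part listed
    here would be vouched for without having been checked.
    `verified` is a hypothetical policy set, e.g. {"name", "email"}.
    """
    uid = parse_uid(raw)
    if not uid.conventional:
        return [] if "raw" in verified else ["raw"]
    present = {"name": uid.name, "comment": uid.comment, "email": uid.email}
    return [k for k, v in present.items() if v is not None and k not in verified]

def merge_on_import(existing, incoming):
    """Model of the catch in the post: importing adds UIDs, never drops them."""
    return existing + [u for u in incoming if u not in existing]

if __name__ == "__main__":
    old = "Alice Example <alice@example.org>"             # constructed sample
    new = "Alice Example (work key) <alice@example.org>"  # constructed sample
    print(unverified_parts(new, {"name", "email"}))
    print(merge_on_import([old], [new]))
```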


