Re-signing keys with higher owner trust
Davíð Steinn Geirsson
david at dsg.to
Sat Mar 2 00:37:22 CET 2013
Hi all,
I signed a few keys recently using --edit-key and the 'trust' command,
which did not ask me how well I had verified the users identity, but
proceeded to generate a 'sig' signature on the keys. I've since found
out I now need to use the --ask-cert-level option to get this prompt.
As I did extensive verification of the identity of the
keyholders (verifying government IDs), I'd like to resign these keys
with a sig3.
GnuPG won't let me resign the keys as they've already been signed by my
key. I tried to revoke the signature with revsig, but I still get an
error as my key has already signed the target key:
gpg> sign
"Key Subject <replaced at example.com>" was already signed by key 372523E0
Nothing to sign with key 372523E0
Can someone point me to the right way to do this? I already uploaded
the signatures to keyservers, so it's too late to just delete the sigs
from my keyring.
Please CC me on replies, as I'm not subscribed to the list.
Best regards,
Davíð
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20130301/4aac4d51/attachment.pgp>
More information about the Gnupg-users
mailing list