Re-signing keys with higher owner trust
Davíð Steinn Geirsson
david at dsg.to
Sat Mar 2 00:37:22 CET 2013
I signed a few keys recently using --edit-key and the 'trust' command,
which did not ask me how well I had verified the users identity, but
proceeded to generate a 'sig' signature on the keys. I've since found
out I now need to use the --ask-cert-level option to get this prompt.
As I did extensive verification of the identity of the
keyholders (verifying government IDs), I'd like to resign these keys
with a sig3.
GnuPG won't let me resign the keys as they've already been signed by my
key. I tried to revoke the signature with revsig, but I still get an
error as my key has already signed the target key:
"Key Subject <replaced at example.com>" was already signed by key 372523E0
Nothing to sign with key 372523E0
Can someone point me to the right way to do this? I already uploaded
the signatures to keyservers, so it's too late to just delete the sigs
from my keyring.
Please CC me on replies, as I'm not subscribed to the list.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: not available
More information about the Gnupg-users