Re-signing keys with higher owner trust

Doug Barton dougb at dougbarton.us
Sat Mar 2 10:48:50 CET 2013


On 03/01/2013 03:37 PM, Davíð Steinn Geirsson wrote:
| Hi all,
|
| I signed a few keys recently using --edit-key and the 'trust' command,
| which did not ask me how well I had verified the user's identity, but
| proceeded to generate a 'sig' signature on the keys. I've since found
| out I now need to use the --ask-cert-level option to get this prompt.
|
| As I did extensive verification of the identity of the
| keyholders (verifying government IDs), I'd like to re-sign these keys
| with a sig3.
|
| GnuPG won't let me re-sign the keys as they've already been signed by my
| key. I tried to revoke the signature with revsig,

You don't want to revoke the signature, since it is still valid. You
want to use the delsig option when editing the key.

If the old signature was ever sent to a key server, it will remain
there, but the new one with the higher cert level will be preferred.

hth,

Doug
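
Added example, not part of the original message: a shell check that reads `gpg --with-colons --check-sigs` output and reports which keys still carry only a generic `sig` from a given signer, including the case described above where the old signature comes back from a key server next to the new `sig3`. The key IDs and records in `SAMPLE` are constructed and simplified; the script assumes the colon-listing layout in which field 5 is the signer's key ID and field 11 is the signature class.

```shell
#!/bin/sh
# Constructed, simplified sample of colon-format signature listing output.
# Signer under audit: 1111111111111111 (hypothetical key ID).
SAMPLE=$(cat <<'EOF'
pub:u:2048:1:1111111111111111:1356998400:::u:::scESC:
uid:u::::1356998400::::Signer <signer@example.org>:
sig:!::1:1111111111111111:1356998400::::Signer <signer@example.org>:13x:
pub:f:2048:1:AAAAAAAAAAAAAAAA:1356998400:::-:::scESC:
uid:f::::1356998400::::Alice <alice@example.org>:
sig:!::1:AAAAAAAAAAAAAAAA:1356998400::::Alice <alice@example.org>:13x:
sig:!::1:1111111111111111:1362000000::::Signer <signer@example.org>:10x:
pub:f:2048:1:BBBBBBBBBBBBBBBB:1356998400:::-:::scESC:
uid:f::::1356998400::::Bob <bob@example.org>:
sig:!::1:1111111111111111:1362000000::::Signer <signer@example.org>:10x:
sig:!::1:1111111111111111:1362200000::::Signer <signer@example.org>:13x:
pub:f:2048:1:CCCCCCCCCCCCCCCC:1356998400:::-:::scESC:
uid:f::::1356998400::::Carol <carol@example.org>:
sig:!::1:1111111111111111:1362200000::::Signer <signer@example.org>:13x:
EOF
)

# Print "KEYID LEVEL" for every certification made by signer $1 on other
# people's keys. Classes 10..13 are shown by gpg as sig, sig1, sig2, sig3.
cert_levels() {
    awk -F: -v signer="$1" '
        $1 == "pub" { key = $5 }
        $1 == "sig" && $5 == signer && key != signer {
            class = substr($11, 1, 2)
            if      (class == "10") label = "sig"
            else if (class == "11") label = "sig1"
            else if (class == "12") label = "sig2"
            else if (class == "13") label = "sig3"
            else next                      # not a certification
            print key, label
        }'
}

# Print keys whose best certification from signer $1 is still generic.
# A key with both an old "sig" and a newer "sig3" is not reported.
needs_resign() {
    cert_levels "$1" | awk '
        { if (!($1 in best) || $2 > best[$1]) best[$1] = $2
          if (!seen[$1]++) order[++n] = $1 }
        END { for (i = 1; i <= n; i++)
                  if (best[order[i]] == "sig") print order[i] }'
}

printf '%s\n' "$SAMPLE" | needs_resign 1111111111111111
```

Against a real keyring, pipe `gpg --with-colons --check-sigs` into `needs_resign` with your own key ID in place of the constructed one.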

