Re-signing keys with higher owner trust
dougb at dougbarton.us
Sat Mar 2 10:48:50 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 03/01/2013 03:37 PM, Dav￭ Steinn Geirsson wrote:
| Hi all,
| I signed a few keys recently using --edit-key and the 'trust' command,
| which did not ask me how well I had verified the users identity, but
| proceeded to generate a 'sig' signature on the keys. I've since found
| out I now need to use the --ask-cert-level option to get this prompt.
| As I did extensive verification of the identity of the
| keyholders (verifying government IDs), I'd like to resign these keys
| with a sig3.
| GnuPG won't let me resign the keys as they've already been signed by my
| key. I tried to revoke the signature with revsig,
You don't want to revoke the signature, since it is still valid. You
want to use the delsig option when editing the key.
If the old signature was ever sent to a key server, it will remain
there, but the new one with the higher cert level will be preferred.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-users