Sign key and export for each UID

Doug Barton dougb at dougbarton.us
Mon Sep 16 20:57:04 CEST 2013


On 09/16/2013 06:32 AM, atair wrote:
> Hi all,
>
> I'm now in the situation to sign someone else's key for the first time.
> He signed mine some days ago and sent me an email "Your PGP key
> <keyid>" to each UID of my key with an attached file
> "<my-keyid>.<index of UID>.signed-by-<his-keyid>.asc".
> I know that I can use --sign to sign the key and then --export to
> export it, but I don't know how to do this for each UID (content of
> attached files differ). I also discovered that there's a sign, lsign,
> ... in the interactive mode with --edit-key -- what are they for/how
> do they differ from normal --sign?
>
> To me, this seems like a standard procedure/template, is it? Where to get it?
> To me this looks pretty good, as it respects the signed person's
> freedom to publish the signature on the keyservers he/she wants to
> (and not me doing something with someone else's key).

The way that your signer did it is _a_ standard way to do it. CAFF is a 
very popular program for that, and there is another here that is also 
pretty good: http://www.phildev.net/pius/news.shtml

I have another philosophy that works for me because I prefer not to sign 
uids that are not valid. I send encrypted e-mail to each uid with a 
pseudo-random string and ask the person to send me back the string in a 
signed message. That allows me to determine if the person has control of 
all 3 elements of the uid: the e-mail address, private, and public keys. 
As a pleasant side effect it also gives me a chance to judge their 
competence with PGP, which allows me to assign a better trust value to 
folks I did not previously know.

I have the script to do this here: 
https://dougbarton.us/PGP/gen_challenges.html

hope this helps,

Doug
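The per-UID challenge procedure Doug describes, written out as an added example; this is not his gen_challenges script nor anything from the original post. It parses a constructed `gpg --with-colons --list-keys` listing (key IDs and addresses are made up), issues one random token per valid UID, builds the gpg command line that encrypts a token to the key, and checks the token that comes back in the signed reply.

```python
"""Per-UID challenge bookkeeping for key signing (added example; not Doug's gen_challenges script)."""
import hmac
import secrets

# Constructed sample of `gpg --with-colons --list-keys <keyid>` output; key IDs and
# addresses are made up. Field 2 of a uid record is its validity (r = revoked, e = expired).
SAMPLE_LISTING = """\
pub:u:4096:1:0123456789ABCDEF:1379000000:::u:::scESC::::::23::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1379000000::DEADBEEF::Example Person <person@example.org>::::::::::0:
uid:u::::1379000000::CAFEBABE::Example Person <person@example.net>::::::::::0:
uid:r::::1379000000::FEEDFACE::Example Person <old@example.com>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1379000000::::::e::::::23:
"""

def parse_listing(text):
    """Return (keyid, [uid strings]) from colon-format output, skipping revoked/expired UIDs."""
    keyid, uids = None, []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keyid = f[4]
        elif f[0] == "uid" and f[1] not in ("r", "e"):
            uids.append(f[9])
    return keyid, uids

def uid_email(uid):
    """Address the challenge is mailed to; a UID without <...> is used verbatim."""
    return uid[uid.rfind("<") + 1:uid.rfind(">")] if "<" in uid and ">" in uid else uid

def make_challenges(uids):
    """One unguessable token per UID; the mapping stays on the signer's side only."""
    return {uid: secrets.token_hex(16) for uid in uids}

def encrypt_command(keyid):
    """argv that encrypts a token (read from stdin) to the key; --trust-model always avoids
    the 'untrusted key' prompt, since the key is exactly what we have not yet vouched for."""
    return ["gpg", "--armor", "--encrypt", "--trust-model", "always", "--recipient", keyid]

def verify_response(challenges, uid, returned):
    """True only if the token in the reply matches the one sent to this UID. The reply's
    signature must already have been checked (gpg --verify) against the same key."""
    expected = challenges.get(uid)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), returned.strip().encode())

if __name__ == "__main__":
    keyid, uids = parse_listing(SAMPLE_LISTING)
    for uid, token in make_challenges(uids).items():
        print(f"mail {token} to {uid_email(uid)} via: {' '.join(encrypt_command(keyid))}")
```

Only a UID whose mailbox returns its own token in a message signed by the key gets signed; the revoked UID is never challenged.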
More information about the Gnupg-users mailing list