Sign key and export for each UID
dougb at dougbarton.us
Mon Sep 16 20:57:04 CEST 2013
On 09/16/2013 06:32 AM, atair wrote:
> Hi all,
> I'm now in the situation of signing someone else's key for the first time.
> He signed mine some days ago and sent me an email "Your PGP key
> <keyid>" to each UID of my key with an attached file
> "<my-keyid>.<index of UID>.signed-by-<his-keyid>.asc".
> I know that I can use --sign to sign the key and then --export to
> export it, but I don't know how to do this for each UID (content of
> attached files differs). I also discovered that there's a sign, lsign,
> ... in the interactive mode with --edit-key -- what are they for/how
> do they differ from normal --sign?
> To me, this seems like a standard procedure/template, is it? Where to get it?
> To me this looks pretty good, as it respects the signed person's
> freedom to publish the signature on the keyservers he/she wants to
> (and not me doing sth. with someone else's key).

The way that your signer did it is _a_ standard way to do it. CAFF is a
very popular program for that, and there is another here that is also
pretty good: http://www.phildev.net/pius/news.shtml

I have another philosophy that works for me because I prefer not to sign
uids that are not valid. I send encrypted e-mail to each uid with a
pseudo-random string and ask the person to send me back the string in a
signed message. That allows me to determine if the person has control of
all 3 elements of the uid; the e-mail address, private, and public keys.
As a pleasant side effect it also gives me a chance to judge their
competence with PGP, which allows me to assign a better trust value to
folks I did not previously know.

I have the script to do this here:

hope this helps,
More information about the Gnupg-users
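
The per-UID challenge and signed-reply check described in the reply above, sketched in Python as an added example; it is not the script the reply refers to and not code from the original thread. The fingerprint, key listing and status lines are constructed samples in the formats of `gpg --with-colons` and `gpg --status-fd`, and the function names are hypothetical.

```python
import hmac
import secrets

FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
# Constructed sample in the format of `gpg --with-colons --list-keys <keyid>`
SAMPLE_LISTING = f"""pub:f:4096:1:89ABCDEF01234567:1379000000:::-:::scESC:
fpr:::::::::{FPR}:
uid:f::::1379000000::::Alice Example <alice@example.org>:
uid:f::::1379000001::::Alice Example <alice@work.example>:
uid:r::::1379000002::::Alice Old <old@example.net>:
"""
# Constructed sample in the format of `gpg --status-fd 1 --decrypt reply.asc`
SAMPLE_STATUS = f"""[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Alice Example <alice@example.org>
[GNUPG:] VALIDSIG {FPR} 2013-09-16 1379357824 0 4 0 1 8 01 {FPR}
"""

def parse_uids(listing):
    """Return (primary fingerprint, user IDs that are neither revoked nor expired)."""
    fpr, uids = None, []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "fpr" and fpr is None:      # first fpr record belongs to the primary key
            fpr = f[9]
        elif f[0] == "uid" and f[1] not in ("r", "e"):
            uids.append(f[9].replace("\\x3a", ":"))  # gpg escapes ':' as \x3a
    return fpr, uids

def issue_challenges(uids):
    """One independent random token per UID, so each address is proven separately."""
    return {uid: secrets.token_hex(16) for uid in uids}

def check_reply(status, signed_text, expected_fpr, token):
    """True only if a valid signature by the expected key covers text containing the token."""
    signers = set()
    for line in status.splitlines():
        p = line.split()
        if p[:2] == ["[GNUPG:]", "VALIDSIG"] and len(p) >= 3:
            signers.add(p[11] if len(p) >= 12 else p[2])  # primary key fpr if present
    if expected_fpr not in signers:
        return False
    # signed_text must be the plaintext gpg emitted for that signature, not the raw mail body
    return any(hmac.compare_digest(w.encode(), token.encode()) for w in signed_text.split())

if __name__ == "__main__":
    fpr, uids = parse_uids(SAMPLE_LISTING)
    for uid, tok in issue_challenges(uids).items():
        print(uid, check_reply(SAMPLE_STATUS, f"Here is the string: {tok}", fpr, tok))
```

A UID would be signed only after `check_reply` returns true for the token that was encrypted and mailed to that UID's address; a revoked or expired UID never receives a challenge.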