Sign key and export for each UID

Philipp Klaus Krause pkk at
Tue Sep 17 00:02:14 CEST 2013

Hash: SHA1

Am 16.09.2013 23:18, schrieb Ingo Klöcker:
> On Monday 16 September 2013 11:57:04 Doug Barton wrote:
>> The way that your signer did it is _a_ standard way to do it.
>> CAFF is a very popular program for that, and there is another
>> here that is also pretty good:
>> I have another philosophy that works for me because I prefer not
>> to sign uids that are not valid. I send encrypted e-mail to each
>> uid with a pseudo-random string and ask the person to send me
>> back the string in a signed message. That allows me to determine
>> if the person has control of all 3 elements of the uid; the
>> e-mail address, private, and public keys.
> CAFF (and apparently also PIUS) achieve same: A signed UID is sent
>  encrypted to the UID's email address. The signature on the UID can
> only be retrieved by a person who controls the email address and
> the private key. What do you mean by having control of the public
> key? How does your workflow verify that the person has control of
> the public key? AFAICS the public key is not needed for anything in
> your workflow.

Unfortunately, tools for signing keys with multiple UIDs IMO are not
user-friendly enough, tpically due to the following:

1) They require the user to be familiar with the command-line,
2) They require the user to run a unixoid OS,
3) They require the user to have configured mail for their OS.

IMO, until the functionality to sign keys with multiple UIDs and send
each signature to the associated UID gets integrated into mailclients
or their plugins, keys with multiple UIDs should not be used.


Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Icedove -


More information about the Gnupg-users mailing list