Key signing with non-primary UID

stebe at mailbox.org stebe at mailbox.org
Tue Jan 26 02:49:30 CET 2016


Hi,


Some ways to achieve what you intend:

# sign (effectively)
gpg2 -u [your non-primary uid for signing given as name or email address] \
     --edit-key [name or email address or short/long keyID or, better, fingerprint of your contact]
gpg> sign

# sign only locally, i.e. it does not leave your computer
gpg2 -u [your non-primary uid for signing given as name and/or email address] \
     --edit-key [name or email address or short/long keyID or, better, fingerprint of your contact]
gpg> lsign

# checking it
gpg2 --list-sigs [name or email address or short/long keyID or, better, fingerprint of your contact]

# between "sig" and the keyID of your contact you should see an "L" now

# You might as well use
gpg2 --local-user [your non-primary uid for signing given as name and/or email address] \
     --lsign-key [name or email address or short/long keyID or, better, fingerprint of your contact]

References:
(1) README of 1.4.20, but it works with 2.0.x and 2.1.x versions of GnuPG
as well (see quote below)
(2) manpages
(3) gnupg.info

(1) GnuPG - The GNU Privacy Guard
                   -------------------------------
                            Version 1.4.20

         Copyright 1998-2015 Free Software Foundation, Inc.
         Copyright 1997-2015 Werner Koch
[...]

    Okay, here is how GnuPG helps you with key management.  Most stuff
    is done with the --edit-key command

        gpg --edit-key <keyid or username>

    GnuPG displays some information about the key and then prompts
    for a command (enter "help" to see a list of commands and see
    the man page for a more detailed explanation).  To sign a key
    you select the user ID you want to sign by entering the number
    that is displayed in the leftmost column (or do nothing if the
    key has only one user ID) and then enter the command "sign" and
    follow all the prompts.  When you are ready, give the command
    "save" (or use "quit" to cancel your actions).

    If you want to sign the key with another of your user IDs, you
    must give an "-u" option on the command line together with the
    "--edit-key".

HTH

Stebe
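
The "checking it" step above, done against machine-readable output instead of by eye; this is an added example, not part of the original post. In `gpg2 --with-colons --list-sigs` output, field 11 of a `sig` record is the signature class followed by `x` (exportable) or `l` (local-only, as made by lsign). The function names, key IDs and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify certifications in `gpg2 --with-colons --list-sigs` output.
# Colon format (GnuPG doc/DETAILS): field 1 = record type, field 5 = key ID,
# field 10 = user ID, field 11 = signature class, a two-digit hex class
# followed by "x" (exportable) or "l" (local-only).

# classify_sigs SIGNER_LONG_KEYID
# Reads a colon listing on stdin and prints one line per certification made
# by SIGNER_LONG_KEYID: "<local|exportable> <class> <signed user ID>".
classify_sigs() {
    awk -F: -v signer="$1" '
        $1 == "pub" || $1 == "uid" {
            # GnuPG 2.0 and older put the primary user ID on the pub record
            if ($10 != "") uid = $10
            next
        }
        # signatures after a sub record are subkey bindings, not certifications
        $1 == "sub" { uid = ""; next }
        $1 == "sig" && uid != "" && $5 == signer {
            cls  = substr($11, 1, 2)
            kind = (substr($11, 3, 1) == "l") ? "local" : "exportable"
            printf "%s %s %s\n", kind, cls, uid
        }
    '
}

# Constructed sample listing (key IDs, names and timestamps are made up).
sample_listing() {
    cat <<'EOF'
pub:f:2048:1:1111111111111111:1453000000:::-:::scESC:
uid:f::::1453000000::0000000000000000000000000000000000000000::Contact One <contact@example.org>:
sig:::1:1111111111111111:1453000000::::Contact One <contact@example.org>:13x:
sig:::1:2222222222222222:1453772970::::Me (work) <me@work.example>:10l:
uid:f::::1453000100::0000000000000000000000000000000000000001::Contact One <c1@example.net>:
sig:::1:1111111111111111:1453000100::::Contact One <c1@example.net>:13x:
sig:::1:2222222222222222:1453772990::::Me (work) <me@work.example>:10x:
sub:f:2048:1:3333333333333333:1453000000::::::e:
sig:::1:1111111111111111:1453000000::::Contact One <contact@example.org>:18x:
EOF
}

# 2222222222222222 stands in for the long key ID of your own signing key.
sample_listing | classify_sigs 2222222222222222
```

With a real keyring, pipe `gpg2 --with-colons --list-sigs [contact]` into `classify_sigs` with your own long key ID; any line starting with `exportable` is a certification that would travel with the key if it were exported.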


