Get a Friend to Sign Your Key
Provide Your Key's Fingerprint
Using direct person-to-person communication (e.g. paper handed from Alice to Bob), share your key's fingerprint.
gpg --fingerprint "${IDENTITY}"
Friend Verifies and Signs
Follow the steps in Sign a Friend's Key, below.
Receive the Signed Key
gpg --decrypt < "${TMP_FILE}" \
| gpg --import
gpg --send-keys "${IDENTITY}"
Sign a Friend's Key
Retrieve
gpg --keyserver hkp://pgp.mit.edu --search-keys "${EMAIL}"
gpg --keyserver hkp://keys.gnupg.net --search-keys "${EMAIL}"
Verify Fingerprint
gpg --fingerprint "${EMAIL}"
Carefully verify that the fingerprint on-screen is the same as the one they are claiming. Use photo ID and other means to verify their identity. Select a relevant level of trust based on the depth and integrity of your procedure.
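The comparison described above can be made mechanical, so that spacing or case differences do not hide a mismatch and a short key ID is never accepted in place of a full fingerprint. This is an added example, not part of the original page; the function names and the sample key listing are constructed, and v4 keys (40 hex digit fingerprints) are assumed.

```shell
#!/bin/sh
# Added example: compare a fingerprint received on paper with the one gpg
# reports. Function names and the sample listing are constructed for this page.

# Strip whitespace and upper-case, so "0123 4567 ..." and "01234567..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons --fingerprint` output on stdin. Print the primary-key
# fingerprint (field 10 of the first "fpr" record after "pub"), but only when
# the listing holds exactly one primary key; otherwise print nothing.
sole_primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { fpr = $10; n++; want = 0 }
             END { if (n == 1) print fpr }'
}

# fpr_matches CLAIMED < listing
# Returns 0 on match, 1 on mismatch, 2 when the comparison cannot be trusted
# (claimed value is not a full 40-hex-digit fingerprint, or the listing is
# empty or ambiguous). Assumes v4 keys (160-bit fingerprints).
fpr_matches() {
    actual=$(sole_primary_fpr)
    claimed=$(normalize_fpr "$1")
    case "$claimed" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#claimed}" -eq 40 ] || return 2
    [ -n "$actual" ] || return 2
    [ "$claimed" = "$actual" ]
}

# Constructed sample listing (not a real key): one primary key and one subkey.
sample_listing() {
    printf '%s\n' \
        'pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC::::::23::0:' \
        'fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:' \
        'uid:-::::1500000000::::Bob Example <bob@example.org>:' \
        'sub:-:4096:1:76543210FEDCBA98:1500000000::::::e::::::23:' \
        'fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
}

# Demo on the sample; with a real keyring, pipe in
#   gpg --with-colons --fingerprint "${EMAIL}"
if sample_listing | fpr_matches '0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'; then
    echo 'fingerprint matches'
fi
```

A return status of 2 means the check itself could not be done, for example because more than one key matched the address; resolve that before signing.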
Sign
Here, ${IDENTITY} is the key you own that you'd like to use to sign their key.
gpg --default-key "${IDENTITY}" --ask-cert-level --sign-key "${EMAIL}"
If prompted to sign all user IDs, say No and pick the IDs individually, as in the example below (Signing Multi-UID Keys).
Verify Signature
gpg --list-sigs "${EMAIL}"
Distribute
gpg --armor --export "${EMAIL}" \
| gpg --default-key "${IDENTITY}" --armor --sign --encrypt --recipient "${EMAIL}" > "${TMP_FILE}"
Then email ${TMP_FILE} to the key owner.
Signing Multi-UID Keys
- Run gpg --sign-key as above
- Select the specific user ID by entering its number (e.g. 1)
- Confirm that the user IDs to be signed are marked with an asterisk
- Issue sign
- Repeat if required
- Issue save