Get a Friend to Sign Your Key

Provide Your Key's Fingerprint

Using direct person-to-person communication (e.g., paper handed from Alice to Bob), share your key's fingerprint.

gpg --fingerprint "${IDENTITY}"

Friend Verifies and Signs

Follow the steps in Sign a Friend's Key, below.

Receive the Signed Key

gpg --decrypt < "${TMP_FILE}" \
  | gpg --import
gpg --send-keys "${IDENTITY}"

Sign a Friend's Key

Retrieve

gpg --keyserver hkp://pgp.mit.edu    --search-keys "${EMAIL}"
gpg --keyserver hkp://keys.gnupg.net --search-keys "${EMAIL}"

Verify Fingerprint

gpg --fingerprint "${EMAIL}"

Carefully verify that the fingerprint shown on-screen matches the one they gave you. Use photo ID and other means to verify their identity. Select a relevant level of trust (the certification level that --ask-cert-level prompts for when signing) based on the depth and integrity of your procedure.
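Comparing 40 hex digits by eye is error-prone, so the check can be scripted. The following is an added example, not part of the original page: the function names, ${PAPER_FPR} and the sample listing are hypothetical/constructed, and it assumes v4 keys with 40-digit fingerprints.

```shell
#!/bin/sh
# Added example: compare a fingerprint handed over on paper with gpg's listing.
# Function and variable names are hypothetical; the listing is constructed.

# Strip whitespace and colons, uppercase the hex digits.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' \t\n:' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key's fingerprint: field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1 } seen && $1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED < colon-listing
# Returns 0 on an exact match, 1 on mismatch, 2 if EXPECTED is not a full
# fingerprint (assumption: v4 keys, 40 hex digits), so key IDs are refused.
check_fpr() {
  expected=$(normalize_fpr "$1")
  actual=$(primary_fpr)
  case "$expected" in
    ''|*[!0-9A-F]*) echo "expected value is not hex" >&2; return 2 ;;
  esac
  if [ "${#expected}" -ne 40 ]; then
    echo "need the full 40-digit fingerprint, not a key ID" >&2
    return 2
  fi
  [ "$expected" = "$actual" ]
}

# Constructed sample listing (not a real key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1400000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::::Bob Example <bob@example.org>:
sub:-:4096:1:76543210FEDCBA98:1400000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Real use: gpg --with-colons --fingerprint "${EMAIL}" | check_fpr "${PAPER_FPR}"
if printf '%s\n' "$SAMPLE_LISTING" \
    | check_fpr '0123 4567 89ab cdef 0123  4567 89ab cdef 0123 4567'; then
  echo "MATCH: fingerprint agrees with the paper copy"
else
  echo "MISMATCH: do not sign"
fi
```

The script only compares the primary key's fingerprint; verifying the person's identity remains a manual step.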

Sign

Here, ${IDENTITY} is the key you own that you'd like to use to sign their key.

gpg --default-key "${IDENTITY}" --ask-cert-level --sign-key "${EMAIL}"

If prompted to sign all user IDs, say No and pick the IDs individually; see Signing Multi-UID Keys, below.

Verify Signature

gpg --list-sigs "${EMAIL}"

Distribute

gpg --armor --export "${EMAIL}" \
  | gpg --default-key "${IDENTITY}" --armor --sign --encrypt --recipient "${EMAIL}" > "${TMP_FILE}"

Then email ${TMP_FILE} to the key owner.

Signing Multi-UID Keys

  • Run gpg --sign-key as above
  • Select the specific user ID by entering its number (e.g., 1)
  • Confirm that the user IDs to be signed are marked with an asterisk
  • Issue sign
  • Repeat if required
  • Issue save