GPG key signing

how_to_sign_keys.md

Signing a key

NB: to list keys: gpg --list-keys

If you have the key, delete it

gpg --delete-key keyIDhereReplaceMe

Fetch it

gpg --keyserver keys.gnupg.net --recv-keys keyIDhereReplaceMe

Sign the key

gpg --sign-key --ask-cert-level keyIDhereReplaceMe

How to do: GPG will ask if you sign all keys. If yes, good. If no: select the numbers, type, one by one. The finish by "sign". And "quit".

Export it

gpg --armor --export keyIDhereReplaceMe > ./keyIDhereReplaceMe_signed.asc

Mail it ?

Import a key signature

In this example my key is C4D91FDFCEF6B4A3C653FD7890A0EF1B8251A889 Import the file

gpg --import ./signatureOfYourKey.asc

List key signatures

After importing it:

gpg --list-sig C4D91FDFCEF6B4A3C653FD7890A0EF1B8251A889

Upload the key

⚠️ Please do not upload the signed key of the person you signed the key. The user might want to upload it on their end.

Also works for your own key List of active servers: https://spider.pgpkeys.eu/graphs/walk-sks.green.dot.svg (https://spider.pgpkeys.eu/graphs/)

KEY_ID="C4D91FDFCEF6B4A3C653FD7890A0EF1B8251A889"
gpg --keyserver keys.gnupg.net --send-key ${KEY_ID}
gpg --keyserver keyserver.ubuntu.com --send-key ${KEY_ID}
gpg --keyserver pgp.circl.lu --send-key ${KEY_ID}
gpg --keyserver keys.openpgp.org --send-key ${KEY_ID}
gpg --keyserver pgpkeys.eu --send-key ${KEY_ID}
gpg --keyserver pgp.mit.edu --send-key ${KEY_ID}
gpg --keyserver keyserver.cert.or.id --send-key ${KEY_ID}
unset KEY_ID

If you are a Debian developer, please upload it on Debian's keyring (https://keyring.debian.org/) gpg --keyserver keyring.debian.org --send-keys C4D91FDFCEF6B4A3C653FD7890A0EF1B8251A889

You also may want to upload it onto this web interfaces:

• https://keys.openpgp.org/
• https://keyserver.pgp.com/

Go to keybase, upload it or use the CLI keybase pgp update.

Go to keyserver.pgp.com try hard, try again, fail, key is too large..

Go to http://a.keyserver.alteholz.eu:11371/ and upload it.