Signing GPG Keys

Signing another person’s public keys means that you certifying and stating that you trust that person and their work. BigLumber is a site that allows people to sign each others public keys. You just create your account and upload your ASCII armoured public key. The method of using ASCII armored version to import keys is often preferred because the key comes directly from the user. The keyserver may contain a corrupt key or may be unavailable so the ASCII armored version is given preference. To create the ASCII armoured public key simply do:

gpg --output key.asc --export -a $GPGKEY

For authentication purposes BigLumber will send you an encrypted email on your registered email id. You decrypt the mail and follow the instructions and finally you are a member of the BigLumber fraternity. There are several sites that allow signing of public keys, BigLumber is just on of them.

In order to sign someones key you should know their key id, say it is KEYID


Then receive this key from the keyserver where it has been uploaded:

gpg --keyserver --recv-keys $KEYID

Then sign the key using:

gpg --sign-key $KEYID

And finally, upload it onto the server once again:

gpg --keyserver --send-key $KEYID

Now, you have successfully signed the key and have established a circle of trust.

blog comments powered by Disqus


10 February 2015