Key signing?

So, you’ve configured your email account in the Thunderbird/Icedove client, installed Enigmail, and used it to create yourself a GPG keypair by following the excellent Free Software Foundation’s E-mail Self-Defence Guide? Cool!

In the final stages of that guide, you’ve learnt about key signing, which is important to building the web of trust. We’re keen to build and strengthen the web of trust, so we’ve made key sharing and signing a standing item at various RLC meetings.

However, rather than Enigmail to interact with the keyservers, we have found it more reliable to use the Terminal. This means that we enter command line instructions to validate key fingerprints, sign keys, and upload signed keys to the keyservers. Here’s how to it via the Terminal in GNU/Linux and MacOS. (This guide assumes they has already been imported, either by the using sharing it directly or by gpg –recv-key [Key ID]).

To see the details of the key you are going to sign:


  • gpg –fingerprint [Key ID]

This gives the fingerprint which will be read out to the key signing party by the key holder.

To sign the key:



  • gpg –sign-key [Key ID]

And then to send this to the key servers:

  • gpg –send-keys [Key ID]

Associating your key with other email addresses

In order to add another user ID to your GPG key, you will need to edit your key.


  • gpg –edit-key [Key ID]
  • adduid
  • Give a name for the user ID you are adding
  • Write the email address that you are associating
  • Add any additional comment
  • O
  • uid
  • trust
  • 5
  • save

If you want to send this to the keyservers:

  • gpg –send-keys [Key ID]

Nota bene: once a new user ID has been added and the key sent to the keyservers, it is not possible to just delete a user ID, the user ID will need revoking.