Sign keys

To show that you trust and vouch for the genuineness of someone's key, you can sign it. Sign a person's key only after you have compared the user ID on the key with a valid proof of their identity, such as a passport, driver's license, or similar. If the two IDs match, the key is said to be trustworthy.

To sign a key:

  1. Import the remote key or keyfile containing the key to be signed into Passwords and Keys.

  2. From the list of GnuPG keys, select the imported key.

  3. Right-click the key and select Properties ▸ Trust.

  4. Press the Sign this Key button.

  5. Depending on how carefully you have checked the key, choose one of Not at all, Casually or Very carefully.

  6. Decide whether you want to revoke your signature at a later date and whether you want to make your signature public, by ticking the checkboxes provided.

  7. If you own more than one PGP key, select the key you want to sign with from the list next to Signer.

  8. Press the Sign button to finish.

Can I sign my own keys?

When you create a new GnuPG key, it is automatically signed by you. Any new subkeys created using a GnuPG key will also be signed automatically.
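
The signing procedure and the automatic self-signature described above can also be reproduced with the gpg command line. The script below is an added example, not part of the original help page or of Passwords and Keys. It assumes GnuPG 2.1 or later, uses constructed test identities in a throwaway keyring, and assumes that the choices Not at all, Casually and Very carefully correspond to GnuPG certification levels 1, 2 and 3.

```shell
#!/bin/sh
# Added example with constructed test identities; uses a throwaway keyring, not ~/.gnupg.
GNUPGHOME=$(mktemp -d) && export GNUPGHOME
trap 'gpgconf --kill gpg-agent; rm -rf "$GNUPGHOME"' EXIT

g() { gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }

# new_key <user id>: create an unprotected test key and print its fingerprint.
new_key() {
  g --quick-generate-key "$1" ed25519 sign never 2>/dev/null
  g --with-colons --list-keys "=$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# certify <signer fpr> <target fpr> <level> <public|local>
# Assumed mapping to the dialog: 1 = Not at all, 2 = Casually, 3 = Very carefully.
# "local" makes a signature that is not exported with the key (not public).
certify() {
  if [ "$4" = local ]; then cmd=--quick-lsign-key; else cmd=--quick-sign-key; fi
  g --local-user "$1" --default-cert-level "$3" "$cmd" "$2"
}

# sig_class <signer fpr> <target fpr>: print the class of the signer's verified ("!")
# signature on the target, e.g. 13x = level 3, exportable; 12l = level 2, local.
sig_class() {
  keyid=$(printf %s "$1" | tail -c 16)
  g --with-colons --check-sigs "$2" |
    awk -F: -v k="$keyid" '$1 == "sig" && $2 == "!" && $5 == k { print $11; exit }'
}

alice=$(new_key "Alice Example <alice@example.org>")
bob=$(new_key "Bob Example <bob@example.org>")
carol=$(new_key "Carol Example <carol@example.org>")

# Before signing, compare this fingerprint with the one the owner gives you in person.
g --fingerprint "$bob"

certify "$alice" "$bob" 3 public    # checked very carefully, signature is public
certify "$alice" "$carol" 2 local   # checked casually, signature stays local

echo "Alice's signature on Bob:   $(sig_class "$alice" "$bob")"
echo "Alice's signature on Carol: $(sig_class "$alice" "$carol")"
echo "Bob's self-signature:       $(sig_class "$bob" "$bob")"
```

Signatures made this way are revocable; a non-revocable signature is made with the nrsign command inside gpg --edit-key.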