Keys with only one user ID

Use gpg to display the fingerprint of the key, as stored in your public keyring on your home system. Carefully match the fingerprint with the one below - all characters in the key fingerprint must match exactly.

$ gpg --fingerprint A897FD02

pub  1024D/A897FD02 2002-01-27 Neil Williams (laptop) linux@codehelp.co.uk
Key fingerprint = 744C 978D 7AB8 F27B 3BA6  C101 93B0 D5AF A897 FD02
sub  1024g/4D6D2952 2002-01-27
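The comparison above can also be checked mechanically. The following is an added example, not part of the original page: it reads gpg's machine-readable `--with-colons` output and compares the primary key fingerprint with the printed one, ignoring only spacing and letter case. The function names and the `SAMPLE` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: machine-check the fingerprint comparison described above.

# Strip whitespace and upper-case, so "744C 978D ..." and "744c978d..." compare equal.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint KEYID` output on stdin and print the
# primary key fingerprint (field 10 of the first fpr record after pub).
# Exits 2 unless exactly one pub record is present: a short key ID such as
# A897FD02 can match more than one key in a keyring.
primary_fpr() {
    awk -F: '
        $1 == "pub"         { pubs++; want = 1; next }
        $1 == "fpr" && want { fpr = $10; want = 0 }
        END { if (pubs != 1 || fpr == "") exit 2; print fpr }
    '
}

# check_fpr PRINTED_FINGERPRINT < colon-output
# Returns 0 on exact match, 1 on mismatch, 2 on unusable or ambiguous input.
check_fpr() {
    expected=$(normalise_fpr "$1")
    actual=$(primary_fpr) || return 2
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    # Assumption: a v4 key, whose fingerprint is 40 hex digits.
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# Constructed sample of colon-format output (most fields left empty; the
# subkey fingerprint is an all-zero placeholder, not a real value).
SAMPLE='pub:-:1024:17:93B0D5AFA897FD02:::::::
fpr:::::::::744C978D7AB8F27B3BA6C10193B0D5AFA897FD02:
sub:-:1024:16::::::::
fpr:::::::::0000000000000000000000000000000000000000:'
PRINTED='744C 978D 7AB8 F27B 3BA6  C101 93B0 D5AF A897 FD02'

if printf '%s\n' "$SAMPLE" | check_fpr "$PRINTED"; then
    echo "fingerprint matches: continue to gpg --sign-key"
else
    echo "fingerprint does NOT match (or input ambiguous): do not sign"
fi
```

Against a real keyring, pipe `gpg --with-colons --fingerprint A897FD02` into `check_fpr` in place of the sample text.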

To sign this key:

$ gpg --sign-key A897FD02

You will be prompted to tell GnuPG how carefully you have checked this key. A level of 3 would indicate that you have verified the email address in the UID by a series of email messages and replies, that you have also verified the name in the UID using photo ID, and that you have checked the fingerprint of the key against a printed copy given to you personally by the keyholder. Make your selection and confirm that you want GnuPG to sign this key, entering your passphrase to complete the signature.

Now edit the level of trust to indicate how much you trust me to validate other people's keys as carefully as you have verified mine. This will tell GnuPG how much you want to trust a key that I HAVE signed but you have NOT. It is a personal decision, but I do everything I can to verify keys before signing, including verifying email addresses, photo ID and key fingerprints from multiple sources, so I'd like to think that you would be comfortable to sign at a trust level of 4 - fully trusted. A trust level of 5 should be reserved for your own keys and 2 should probably be reserved for those people who seem to sign any and every key they find.

$ gpg --edit-key A897FD02

Command> trust

(Enter the trust level.)

Command> save

IMPORTANT: Please now export MY key to a public keyserver, as it has now been updated with your signature. Other people cannot make use of your careful work in signing my key if you don't export it.

$ gpg --keyserver subkeys.pgp.net --send-key A897FD02

That's it!