Preferred Key:


C:\>gpg --fingerprint f8be0b1d
pub   4096R/F8BE0B1D 2011-06-25
      Key fingerprint = 132B 3C23 28EB 908F 524B  A6F5 F001 E1C8 F8BE 0B1D
uid                  Paul Walker <>
uid                  Paul Walker <>
sub   4096R/6BB8CC8E 2011-06-25

Old Keys:

ID: 99331194
This key has been replaced by F8BE0B1D. It may be revoked at some point.

C:\>gpg --fingerprint 99331194
pub   1024D/99331194 2007-07-25
      Key fingerprint = ABE3 EDFC F566 5A79 9842  6CD9 DED0 B3CF 9933 1194
uid                  Paul Walker <>
uid                  Paul Walker <>
uid                  Paul Walker (P72endragon) <>
sub   2048g/948B578B 2007-07-25

Key Signing Policy

If you want me to sign a key, I need to satisfy myself that:

  1. You own the private key
  2. You own the e-mail address(es) on the user IDs
  3. The name on the user ID is correct/not misleading

Satisfying conditions 1 and 2 is done by means of me sending an e-mail to each user ID on the key you want me to sign. The e-mail will contain an encrypted message. If you can decrypt it and send it back to me in an e-mail signed by the same key, then that confirms the link between the private key and the e-mail address.

Condition 3 is a little trickier. Unless I know you well, the only way to do this is to meet and for you to show me some ID. You will also need to give me the fingerprint of the key.
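The challenge-response used for conditions 1 and 2 can be exercised end to end with GnuPG. The script below is an added example, not part of this policy page: it creates two throwaway keys (a hypothetical signer and key holder, with made-up addresses) in a temporary GNUPGHOME, so both sides of the exchange run in one place; in real use the key holder decrypts and signs on their own machine. It assumes GnuPG 2.1 or later (for `--quick-gen-key` and loopback pinentry). Note the order of checks: the reply must carry a valid signature from the key under test and must contain exactly the nonce that was sent; only then is the key certified.

```shell
#!/bin/sh
# Added example (not from the original page): simulate the e-mail
# challenge-response from the key signing policy with two throwaway keys.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg is required" >&2; exit 0; }

WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupg"
mkdir -m 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT

# Hypothetical identities, assumed for the example only.
SIGNER="Signer Example <signer@example.invalid>"
HOLDER="Holder Example <holder@example.invalid>"

# gpg wrapper: non-interactive, empty passphrase over loopback pinentry.
g() { gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }

gen_keys() {
    g --quick-gen-key "$SIGNER" default default never
    g --quick-gen-key "$HOLDER" default default never
}

# Primary-key fingerprint for a user ID (field 10 of the "fpr" record).
fpr_of() {
    g --with-colons --list-keys "$1" | awk -F: '$1=="fpr"{print $10; exit}'
}

# Signer's side: a random nonce, encrypted to the user ID being checked.
# Only someone holding the matching private key can read it.
make_challenge() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' > "$WORK/nonce.txt"
    g --trust-model always -r "$1" -e -o "$WORK/challenge.gpg" "$WORK/nonce.txt"
}

# Key holder's side: decrypt the challenge and send it back clearsigned.
answer_challenge() {
    g -d -o "$WORK/answer.txt" "$WORK/challenge.gpg"
    g --local-user "$1" --clearsign -o "$WORK/reply.asc" "$WORK/answer.txt"
}

# Signer's side: the reply must be signed by the expected primary key
# (last field of the VALIDSIG status line) and contain the exact nonce.
verify_reply() {
    expected=$(fpr_of "$1")
    status=$(g --status-fd 1 --verify "$WORK/reply.asc" 2>/dev/null) || return 1
    signer=$(printf '%s\n' "$status" | awk '$2=="VALIDSIG"{print $NF; exit}')
    [ "$signer" = "$expected" ] || return 1
    g -o "$WORK/reply.txt" -d "$WORK/reply.asc"
    [ "$(cat "$WORK/reply.txt")" = "$(cat "$WORK/nonce.txt")" ]
}

# Certify every user ID on the key with the signer's key.
certify_key() {
    g --local-user "$SIGNER" --quick-sign-key "$(fpr_of "$1")"
}

# Check that a good ("!") certification from the signer's key is present.
signed_by_me() {
    keyid=$(fpr_of "$SIGNER" | cut -c 25-40)
    g --with-colons --check-sigs "$1" \
      | awk -F: -v k="$keyid" '$1=="sig" && $2=="!" && $5==k {ok=1} END {exit !ok}'
}

run_exchange() {
    g --list-keys "$HOLDER" >/dev/null 2>&1 || gen_keys
    make_challenge "$HOLDER"
    answer_challenge "$HOLDER"
    verify_reply "$HOLDER" || { echo "reply failed verification; not signing" >&2; return 1; }
    certify_key "$HOLDER"
}

run_exchange
echo "challenge answered correctly by $HOLDER; user ID certified"
```

Everything here stays inside the temporary GNUPGHOME and is removed on exit, so it does not touch your own keyring. In practice the `challenge.gpg` and `reply.asc` files are what travel by e-mail, and `verify_reply` is the check the signer runs on what comes back.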

There is an interesting paragraph in this “keysigning party howto” document where it talks about signing “role keys” or “pseudonym keys”. If you want me to sign such a key, please get in touch and we’ll see if we can work something out.

I’m conscious that GPG has a pretty steep learning curve, and is hardly getting any traction outside of the “geek” community. With that in mind, I don’t see why keysigning has to be overly complex or formal (reading some people’s keysigning policies, it’s easier to get a passport than to get them to sign your key!). This seems to be in agreement with comments from Phil Zimmermann.