[GTALUG] Key Signing follow up, what shall I do next?

Antonio Sun tlugys.ats at spamgourmet.com
Wed Apr 18 21:28:15 EDT 2018


So I attend the Key Signing party, exchanged my signatures, and even get
emails telling me that my key is signed.

I'm now a bit lost on what shall I do next, and trying to google for the
answer didn't help much either.

The closest I found is:


GPG Tutorial

https://futureboy.us/pgp.html#UpdatingKeys



and I've checked the following sections:

Updating Keys

People are constantly updating their keys for various reasons:


   - Keys get compromised or lost and they are revoked.
      - Keys are signed by more people, building a Web of Trust
      <https://futureboy.us/pgp.html#WebOfTrust>. . .

Who Signed My Key?

Now that you've updated keys from a keyserver, you might want to see who
has signed your key. After all, *anyone* can sign *any* key and re-upload
that key to a key server. You can see the signatures with the
--list-sigs command
to gpg . . .


However, I'm still at lost understanding them. I.e., I tried both the
suggested commands, but can't see any sign that my key is signed by more
people, and any of their emails.


All that I know is that


- I get an email telling me that my key is signed.

- I'm able to decrypt it, and see an attachment of mykey.asc:


--------------B954318AC305B6429BF6150D

Content-Type: text/plain; charset=UTF-8;

 name="mykey.asc"

Content-Transfer-Encoding: base64

Content-Disposition: attachment;

 filename="mykey.asc"


What steps I shall do next? (Instruction for the command line is more
welcome than using GUI)

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20180418/eb780094/attachment.html>


More information about the talk mailing list