GPG Key Signing Documentation

Note: Substitute suitable values in between angular brackets ('<>')

1) Create a gpg key pair.  gpg --gen-key Select default values. Keep your private key safe. Don't use it on a shared system. 2) Upload your public key. 2a) gpg --send-key 0x OR 2b) gpg --armor --output pubkey.txt --export  upload the content in the file pubkey.txt on this website : keys.gnupg.net and add your 8 digit finger print(eg : 0x23455778) on that website. 3) Take printout of your key fingerprint.  gpg --fingerprint 0x Take multiple copies of the output (you have to give one copy each to every participant) 4) Physical verification 5a) Ask for a trusted identity card (normally a government issued id card like passport, driver's license or election id card) 5b) Verify name on the fingerprint matches exactly with id provided. 5c) Verify if the person is same as printed on the id card 5) Download other person's public key gpg --recv-key 0x 6) Sign other person's public key gpg --edit-key 0x		 > sign  	sign all the users > trust Normally trust fully (option 4) > save 7)  Export other person's public key gpg --output  --export --armor 0x 8) Sign and encrypt other person's public key gpg -se -r   9) send the .gpg file to other person as an attachment. You can use any email program or web interface to send this. Alternatively, if your email program already supports it (eg kmail, thunderbird with enigmail add-on) you can just attach the public key and select encrypt and sign option from menu before sending mail.