GPG Key Signing Documentation
Note: Substitute suitable values in between angular brackets ('<>')
1) Create a gpg key pair.
gpg --gen-key
Select default values. Keep your private key safe. Don't use it on a shared system. 2) Upload your public key.
2a) gpg --send-key 0x<last 8 digits of your key finger print>
OR
2b) gpg --armor --output pubkey.txt --export <Your Name.asc> upload the content in the file pubkey.txt on this website : keys.gnupg.net and add your 8 digit finger print(eg : 0x23455778) on that website.
3) Take printout of your key fingerprint.
gpg --fingerprint 0x<last 8 digits of your key finger print>
Take multiple copies of the output (you have to give one copy each to every participant) 4) Physical verification
5a) Ask for a trusted identity card (normally a government issued id card like
passport, driver's license or election id card)
5b) Verify name on the fingerprint matches exactly with id provided. 5c) Verify if the person is same as printed on the id card
5) Download other person's public key
gpg --recv-key 0x<last 8 digits of other person's key finger print>
6) Sign other person's public key gpg --edit-key 0x<last 8 digits of other person's key finger print>
> sign sign all the users > trust
Normally trust fully (option 4)
> save
7) Export other person's public key gpg --output <other person's name.key.asc> --export --armor 0x<last 8 digits of other person's key finger print> 8) Sign and encrypt other person's public key gpg -se -r <other person's email> <other person's name.key.asc> 9) send the .gpg file to other person as an attachment. You can use any email program or web interface to send this. Alternatively, if your email program already supports it (eg kmail, thunderbird with enigmail add-on) you can just attach the public key and select encrypt and sign option from menu before sending mail.