I follow the stuff regarding who to sign etc.

So, what's the best way to keep it all in check after I receive a signature? Have them reupload it to a key server, preferably the main one - I should then download this and reupload it to my website accordingly as it will now contain a signature?

I presume a signature takes up little space, else someone with many sigs could find they have a massive key?




On 18 July 2014 05:34, Michael Kesper <mkesper@fsfe.org> wrote:
Hi Allan,

Allan Irving <allanirving@allanirving.co.uk> wrote:
>Okay, so I've managed to set up PGP as per the documentation.
>
>My question is how does signing work and when someone signs my key,
>does it go like this:
>
>1. I send them my public key,
>2. They sign it.

Nobody should sign without checking your identity. People not knowing you will normally want to meet you in person.

>3. They send me back the exported signed key, which now has their signature.

It's legitimate for the other party to upload the key with their signature to a key server.

Best wishes
Michael

--
This message was sent with Free Software: http://fsfe.org