On 16 August 2013 17:17, Ben Finney <ben+freesoftware@benfinney.id.au> wrote:
* Examine the key's fingerprint and verify it against the fingerprint the person gave you. [...] A tool like ‘caff’ (installed in the package ‘signing-party’ in Debian) can step through all this for a specified set of key IDs.
I'm a bit confused by all this. Caff doesn't seem to give me the option to save a signed key to be sent manually, and I don't have my system set up to send email. I tried using straight gpg, and it seems to have worked - but now should I just send the output of `gpg --armor --export ID` to the owner of ID? Do I need to do that for subkeys separately? And what do I do with that data if someone sends it to me? Keyservers would seem to make this all a lot easier. It's a shame it's a faux pas to publish on behalf of someone else! If anyone wants to sign and publish my key using `gpg --send-key`, please feel free :) Alex