
PGP/GPG Key Signing Policy 2021-02-25

This policy is valid from 2021-02-25 for all signatures made by the following PGP/GPG key:

pub   rsa4096 2011-09-28 [SC]
      5E6D 6EAE 16C3 DA75 450B  219C 9A80 4E97 D707 9C77
uid           [ultimate] Ian A. Young <ian@iay.org.uk>
uid           [ultimate] [jpeg image of size 6036]
sub   rsa4096 2020-02-26 [S] [expires: 2022-02-25]
sub   rsa4096 2020-02-26 [E] [expires: 2025-02-24]

You can download a copy of this key here, or from one of the key servers.

This policy may be replaced at any time with a new version. If a new version incorporates changes that might affect the strength or perceived strength of the resulting signature, the old version will be linked from the new one. The current policy can always be found at https://iay.org.uk/identity/pgp/policy/.

Introduction

In PGP/GPG, the operation of “signing a key” really means signing one or more of the user IDs (UIDs) that form part of the key. Each UID represents some aspect of the key owner’s identity. Signing a UID provides a third party (sometimes called a relying party) with some evidence that the claim made by the UID (“the key owner’s name is X and their e-mail address is Y@Z”, “the key owner looks like this”) has been verified at some level of assurance by the signer.

If you ask me to “sign your key”, I may be prepared to sign some or all of your key’s UIDs. In general, I will only sign those UIDs whose claims I can verify. My signature will include a “certification level” indicating my confidence in the verification, according to rules described below.

Prerequisites for Signing

The key owner should be willing to cross-sign with me.

The key owner and I must be able to meet one-on-one in quiet, unhurried circumstances. This will normally be a physical meeting, but a one-to-one video meeting may be acceptable if:

  • The key owner is already well known to me, and
  • The key owner has a video setup of sufficient quality for me to examine identity documents remotely. Note that such a meeting provides less assurance in those documents, so will result in a lower certification level.

The key owner must make their key available on a publicly accessible key server. Examples are:

  • hkp://pool.sks-keyservers.net: This is my preferred option.
  • hkps://keys.openpgp.org: Although the default in some software, this server does not support photographic UIDs, and requires explicit opt-in to support normal UIDs.

Identity verification

The key owner who wishes to obtain a signature from me to any of their key’s UIDs must prove their identity to me by way of an identity document issued by a national government and featuring a photograph of the key owner as well as the key owner’s real name.

The following documents will normally be acceptable: a passport, a national ID card or a driver’s licence.

Key owners whose documents are issued by a government outside the UK (with which I will be less familiar) will be required to present two different documents. At least one of these documents must be a government-issued identity document as described above. Other means of proof of identity may be acceptable for the second document: please consult with me in advance in this case.

Normal (non-photographic) UIDs assert that the key’s owner has a particular real name and e-mail address. I must be able to verify the real name in the UID against the identity documents, with reasonable allowance for different presentation of things like additional personal names.

Photographic UIDs assert that the key’s owner has the indicated physical appearance. I must be able to verify the key’s photo ID against both the identity documents and the key owner’s appearance in our meeting.

Physical Meetings

In the case of an in-person physical meeting, the key owner should have prepared a printout of the output of gpg --fingerprint for the key, or the equivalent command from another OpenPGP client. Web-based tools for creating “key slips” can be found here and here.

A hand-written sheet featuring the key ID, the fingerprint and all user IDs the key owner wishes to obtain a signature to will also be accepted.

If the key owner wishes to obtain a signature to a photographic user ID, the printout should contain the image of that photographic user ID. A printout or photocopy of a photo clearly showing the same person as in the photographic user ID will also be accepted.

You can download a copy of my own fingerprint printout page here as an example.

Video Meetings

In the case of a one-to-one video meeting, the key ID and all UIDs the key owner wishes to obtain a signature to may instead be exchanged through an online chat channel associated with the meeting.

In video meetings, I will also gather appropriate screenshots to support validation of any photographic user IDs.

The Act of Signing

I will not normally perform the signing operation during my meeting with the key owner.

Fingerprint Verification

At home I will verify the key’s fingerprint using the hardcopy of the fingerprint that has been given to me, or the information collected through the video meeting’s chat.

Email Verification

After successful fingerprint verification, I will sign all user IDs which I agreed to sign. Each signature is then individually sent to the email address listed in the corresponding user ID, encrypted to the associated key.

As only the key owner can decrypt and thus publish the signatures, this procedure ensures that the email address listed in each user ID with a published signature belongs to the key owner.

It is the key owner’s responsibility to publish the decrypted signatures to the appropriate key server. I will not do this, as that would subvert the security of the procedure.

Signature Certification Levels

Level 3

Positive certification of a User ID and Public-Key packet. The issuer of this certification has done substantial verification of the claim of identity.

Certification level 3 is used for user IDs that passed identity, fingerprint and email verification and photographic user IDs that passed identity and fingerprint verification as described above.

This certification level requires an in-person physical verification meeting. If a video verification meeting has taken place instead, certification level 2 will be used.

Level 2

Casual certification of a User ID and Public-Key packet. The issuer of this certification has done some casual verification of the claim of identity.

Certification level 2 is used for user IDs that passed identity, fingerprint and email verification and photographic user IDs that passed identity and fingerprint verification as described above, but where a video identity verification took place.

Level 1

Persona certification of a User ID and Public-Key packet. The issuer of this certification has not done any verification of the claim that the owner of this key is the User ID specified.

As certification level 1 does not imply any identity verification, it is of little value to normal relying parties. As such, I do not currently create signatures with this certification level.
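As an added illustration (not part of the policy, and not the caff tooling it mentions), the following Python helpers model two steps described above: checking a printed or hand-written key slip against the fingerprint of the key fetched from a key server, and choosing the certification level for each UID under the rules in this section. The slip text is the key listing from the top of this page; the per-UID inputs (identity, fingerprint and e-mail verification outcomes, meeting type) are assumed to have been established by the signer.

```python
# Added example (not the policy's own code): fingerprint check and certification-level rules above; assumes a printed gpg --fingerprint slip.
import re

# OpenPGP certification signature types (RFC 4880, section 5.2.1).
PERSONA, CASUAL, POSITIVE = 0x11, 0x12, 0x13

# Constructed key slip: the listing from the top of this page as the key owner would print it.
SLIP = """\
pub   rsa4096 2011-09-28 [SC]
      5E6D 6EAE 16C3 DA75 450B  219C 9A80 4E97 D707 9C77
uid           [ultimate] Ian A. Young <ian@iay.org.uk>
uid           [ultimate] [jpeg image of size 6036]
sub   rsa4096 2020-02-26 [S] [expires: 2022-02-25]
"""

def normalize_fingerprint(text: str) -> str:
    """Canonical form of a printed or hand-written v4 fingerprint: 40 upper-case hex digits."""
    fpr = re.sub(r"[\s:]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError(f"not a v4 fingerprint: {text!r}")
    return fpr

def parse_key_slip(slip: str) -> dict:
    """Extract fingerprint, long key ID and UIDs from a gpg --fingerprint listing."""
    fpr, uids = None, []
    for line in map(str.strip, slip.splitlines()):
        if re.fullmatch(r"(?:[0-9A-Fa-f]{4}\s*){10}", line):
            fpr = normalize_fingerprint(line)
        elif line.startswith("uid"):
            body = re.sub(r"^uid\s+(\[[^\]]*\]\s+)?", "", line)  # drop "uid" and the validity tag
            m = re.fullmatch(r"(.*?)\s*<([^>]+)>", body)  # photo UIDs carry no <e-mail address>
            uids.append({"photo": body.startswith("[jpeg image"),
                         "name": m.group(1) if m else body,
                         "email": m.group(2) if m else None})
    if fpr is None:
        raise ValueError("no fingerprint line on slip")
    return {"fingerprint": fpr, "key_id": fpr[-16:], "uids": uids}  # v4 key ID = low 64 bits

def fingerprint_matches(slip_text: str, fetched_fingerprint: str) -> bool:
    """'Fingerprint Verification': compare the slip (or chat transcript) with the key fetched from a keyserver."""
    return parse_key_slip(slip_text)["fingerprint"] == normalize_fingerprint(fetched_fingerprint)

def certification_level(uid: dict, *, in_person: bool, identity_ok: bool,
                        fingerprint_ok: bool, email_ok: bool = False):
    """Level this policy assigns to one UID, or None for 'do not sign'. E-mail verification
    applies only to normal UIDs; a video meeting caps the level at 2 (casual)."""
    if not (identity_ok and fingerprint_ok) or (not uid["photo"] and not email_ok):
        return None
    return POSITIVE if in_person else CASUAL
```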

Acknowledgements

This policy was originally based on Elmar Hoffman’s key signing policy.

I use the caff script from the signing-party package to operate the procedure described above.

Revisions

  • 2021-02-25: new major version of the policy, replacing that from 2013-11-07:
    • Significantly less formal language in some places.
    • Some explanation of the purpose of the signing operation.
    • Revised to allow video meetings as well as in-person meetings, but at least for now at a lower certification level.
    • Previous (historically unused) uses for certification level 2 have been removed.