When you sign someone's key you're putting your name on it to say that you've checked it and it's 'good'; and it's important to know what 'good' means. GPG keys have a pretty flexible structure and can contain several different items of data, of several different types. Signing a key says that you believe that all the items in a key really belong together.
For example, my key has my name, two email addresses, and the key ID itself. Before you would sign it you'd want to be sure that the person claiming that the key is theirs (me) is:
Some keys don't have real names in them, just email addresses and the key id; to verify a key like that all you need to do is send an encrypted email to the address and get a reply quoting the original content. That shows that the person that gets the email (whoever they are) has access to the secret half of the key. Since that's all that the key is claiming, that's all you're putting your name to when you sign it.
More commonly the key will also have a real name component and to verify
that you check the holder's face against some secure form of photo ID with
their real name on it (typically a passport or photo-card driving
licence). This, of course, necessitates meeting in person which is the
whole point of keysigning meets. However, things then get more complicated
because you also now have to tie the person who's ID you've checked in
person to the email addresses and key ID.
To do this you agree on secret item of data when you meet in person, then
when you email the key holder later to check the email address(es) you ask
them to email you the secret as well as quoting your encrypted email back
at you. If this works then you know that:
To simplify this I've knocked up a script that a keyholder can run to generate an html table with rows like this:
| KeyID: xxxxxxxx Secret: 0x12c274ca Given to : |
KeyID: xxxxxxxx Fingerprint: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Photo ID checked [ ] Secret: 0x12c274ca UID: Alice Aardvaark <alice@aardvaark.example> |
To get her key signed Alice prints out a sheet full of these, each with different challenge/response values, then goes to a keysigning party. There she meets Bob, fills his name (and possibly Key ID) in in the 'Given to' space, and cuts out the righthand side of the row and gives it to Bob. Bob checks Alice's photo ID and satisfies himself that she is actually called "Alice Aardvaark", then marks the 'Photo ID checked' box to remind himself later that he's done it. Alice does the same for Bob, and takes a copy of his key details.
That's it for the keysigning party; Alice and Bob can now go their separate ways. When Bob gets home he acquires or updates a copy of Alice's key from a keyserver and checks the fingerprint against the one that Alice has given him to make sure he's got a good copy. He then sends her an email encypted to her GPG key (and signed by his), and includes some new secret data (in practice the text of the email will do as long as it's not too predictable - this is just to show that Alice has actually decrypted the email, rather than just replying based on the headers). Alice then responds quoting the text of Bob's email, and the secret number agreed at the meeting. Now Bob knows that the person he's emailing really is the person he met at the meeting (because they know the secret), he knows that they have the secret half of the key he's trying to verify (because they can decrypt and quote his emails back to him), and he knows she's really called "Alice Aardvaark" because he checked her photo ID.
Now Bob has satisfied himself that all the parts of Alice's key really do belong together he can sign her key to say so, and upload the result back to the keyserver.
Python script to generate key data
tables.
Usage is: $ python printkeys YOUR_KEY_ID > keylist.html
My GPG key as an ASCII armoured block.
Which you shouldn't need, since it's also on keyservers.