How to digitally sign a file with multiple keys using GnuPG

More than a year ago I moved from my expiring OpenPGP key (0x1CD3E3D8) to my current key (0xFEEEFA8F) and for that process, in addition to signing my new key with my old key, I created a Key Transition notice signed by both keys as a way to inform those who trusted my old key that my new key was in fact still me. However it only recently occurred to me that I never actually posted any instructions on how I did that and deciphering gpg command line can be a bit of a pain. So with all that said here is how you sign a file with multiple keys.

Step 1) Have multiple keys

This one should be obvious.

Step 2) Decide if you want to clear sign or not

Clear signing can make your signature a bit more presentable for things like text documents but if you are simply signing a binary file it doesn’t make a whole lot of sense. The only difference in the command is that you need to specify either –sign for a normal gpg signature or –clearsign for a (you guessed it!) clear signature.

Step 3) Sign the file with multiple keys

The basic format is this:

gpg [--sign | --clearsign] -u key1 -u key2 [-u keyn] [file to sign]

So when I was signing my key transition notice using my old key and my new key I ran the following command:

gpg --clearsign -u 1CD3E3D8 -u FEEEFA8F key-transition-2013-12-16.txt

which produces a clear signed file called key-transition-2013-12-16.txt.asc signed with both keys.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>