This post provides some random notes on gpg usage I can never seem to remember correctly. It will expand as needed.
Showing signatures applied to a key
The output of this command is as follows (from the pgp mailing list)
The exclamation mark is only produced on --check-sigs, it's absent on --list-sigs so it's an indication that the signature is good. All signatures with --check-sigs should have the ! because signatures made by keys not in your key ring are excluded. The digit is the indication of how much verification took place before signing - when you sign a key, GnuPG asks you how carefully you verified the key, 3 is the highest level - very careful checking. As the man page describes, this is a personal thing and one person's definition of 'very careful' might not match yours. Personally, I mean: I checked the fingerprint against a printed copy given to me face-to-face by the keyholder who proved his/her identity using recognised photo ID (passport, driving licence etc.) and the email address was verified by correspondence. 0 means you make no particular claim as to how carefully you verified the key. 1 means you believe the key is owned by the person who claims to own it but you could not, or did not verify the key at all. This is useful for a "persona" verification, where you sign the key of a pseudonymous user. 2 means you did casual verification of the key. For example, this could mean that you verified that the key fingerprint and checked the user ID on the key against a photo ID. 3 means you did extensive verification of the key. For example, this could mean that you verified the key fingerprint with the owner of the key in person, and that you checked, by means of a hard to forge document with a photo ID (such as a passport) that the name of the key owner matches the name in the user ID on the key, and finally that you verified (by exchange of email) that the email address on the key belongs to the key owner. Note that the examples given above for levels 2 and 3 are just that: examples. In the end, it is up to you to decide just what "casual" and "extensive" mean to you. From this section of the manpage: --default-cert-check-level n
Updating your key
Sending an updated key
Encrypt a file for a recipient
Decrypt a file
Use a distinct keyring
If you are using keys associated with an employer, client, or particular project and don’t want them mixed in with your personal keys, you can use a dedicated keyring.
Figuring out wtf
Sometimes things just don’t work. In this case, increase the verbosity to full strength!