
GPG User ID maintenance

The information on this page is intended to help if you want to add a new email address to your key, or remove an old email address.

Note: this is now a very easy thing to do if you are using one of the GUI based OpenPGP tools.

GPG keys may have a number of user identity (uid) records bound to them. Here we discuss the creation and management of uids.

Introduction + The First UID

There are two kinds of uids: text uids and photographic uids. Here we will only consider the regular text uids.

As part of the process of making a key (using gpg --gen-key), a uid is created and bound to the new key. There are three pieces of information that make up a uid: a real name, an email address and a comment. You will be prompted for these whenever a uid is being created, and indeed this is what we see during the --gen-key process.

A uid is bound to a key by a "self-signature". The very key the uid is to be bound to is used to make a signature for the uid. This signature is held against the uid, and indicates (for example to key management software) that the uid is bound to the key.

At the completion of the --gen-key process we have a new key and a single uid bound to the key by a signature. You can get a view of this using gpg --check-sigs. For example:


gpg01@wally:~$ gpg --check-sigs gpg01
pub  1024D/66712F41 2003-08-17 GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
sig!3       66712F41 2003-08-17   GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
...

In this partial output we see the key (on the line starting with "pub") and the uid (on the line starting with "sig"). "pub" is short for public key. "sig" is short for signature.

Looking at the sig line in detail: The number 3 following "sig" indicates that this key was signed with a confidence level of 3, the highest level (See Signing OpenPGP Keys). Following the 3 is the key id of the key which produced the signature, and as this is a self-signature, the key id is that of the current key (on the pub line). Next we have the date the signature was made. Finally, we have the real name / comment / email address information.

Note that the information for our single uid appears twice: once associated with the key (the "pub" line), and once associated with the uid (the "sig" line). The "primary uid" is always listed with the key. In this case, the one and only uid is the primary uid. There must always be one and only one primary uid bound to a key.

Adding a new uid

A new uid is added to a key using the adduid command within a gpg --edit-key session. For example:


gpg01@wally:~$ gpg --edit-key gpg01
gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc.
...
pub  1024D/66712F41  created: 2003-08-17 expires: never      trust: u/u
sub  1024g/B1545A3E  created: 2003-08-17 expires: never     
(1). GPG User 01 (OpenSkills developer) <gpg01@openskills.org>

Command> adduid
Real name: GPG User 01x
Email address: gpg01@openskills.org
Comment: Tech Support              
You selected this USER-ID:
    "GPG User 01x (Tech Support) <gpg01@openskills.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
                                                     
You need a passphrase to unlock the secret key for
user: "GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
1024-bit DSA key, ID 66712F41, created 2003-08-17

passphrase: ********
                  
pub  1024D/66712F41  created: 2003-08-17 expires: never      trust: u/u
sub  1024g/B1545A3E  created: 2003-08-17 expires: never     
(1)  GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
(2). GPG User 01x (Tech Support) <gpg01@openskills.org>

Command> save

Note that the commands entered by the user are in red.
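As an added example (not part of the original page), here is a small Python parser for the gpg --check-sigs layout shown earlier. It takes the primary uid from the "pub" line and checks that every uid, including one added with adduid, carries a good ("!") self-signature made by the key itself. The sample output is constructed: the "uid" line layout is assumed from gpg 1.x, and the third uid with its DEADBEEF signer is invented to show a uid that is not bound to the key.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the gpg 1.x --check-sigs layout: key 66712F41 with its
# primary uid, the uid added via adduid, and an invented uid that only carries a
# signature from some other key (DEADBEEF), i.e. no self-signature.
SAMPLE_CHECK_SIGS = """\
pub  1024D/66712F41 2003-08-17 GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
sig!3       66712F41 2003-08-17   GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
uid                            GPG User 01x (Tech Support) <gpg01@openskills.org>
sig!3       66712F41 2003-08-17   GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
uid                            Stray Name <stray@example.invalid>
sig!3       DEADBEEF 2003-08-18   Someone Else <else@example.invalid>
sub  1024g/B1545A3E 2003-08-17
sig!        66712F41 2003-08-17   GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
"""

PUB_RE = re.compile(r"^pub\s+\S+/([0-9A-F]{8,16})\s+\S+\s+(.*)$")
UID_RE = re.compile(r"^uid\s+(.*)$")
# "sig", optional status char (! good, - bad, % error, ? unknown key), optional
# certification level 1-3, then signer key id, date and signer uid text.
SIG_RE = re.compile(r"^sig([!\-%?])?([123])?\s+([0-9A-F]{8,16})\s+(\S+)\s+(.*)$")
SUB_RE = re.compile(r"^sub\s")

@dataclass
class Uid:
    text: str
    primary: bool
    sigs: list = field(default_factory=list)  # (status, level, signer key id)

def parse_check_sigs(output):
    """Return (key id, [Uid, ...]) parsed from gpg --check-sigs text."""
    key_id, uids, current = None, [], None
    for line in output.splitlines():
        if m := PUB_RE.match(line):            # the primary uid rides on the pub line
            key_id, current = m.group(1), Uid(m.group(2).strip(), primary=True)
            uids.append(current)
        elif m := UID_RE.match(line):          # every further uid gets its own line
            current = Uid(m.group(1).strip(), primary=False)
            uids.append(current)
        elif SUB_RE.match(line):               # following sigs bind the subkey, not a uid
            current = None
        elif (m := SIG_RE.match(line)) and current is not None:
            current.sigs.append((m.group(1) or "", m.group(2) or "", m.group(3)))
    return key_id, uids

def self_signed_uids(output):
    """Map uid text -> True when it carries a good ('!') self-signature from the key."""
    key_id, uids = parse_check_sigs(output)
    return {u.text: any(st == "!" and kid == key_id for st, _lvl, kid in u.sigs) for u in uids}

def primary_uid(output):
    """Return the one primary uid; a key must have exactly one."""
    primaries = [u.text for u, in ((u,) for u in parse_check_sigs(output)[1]) if u.primary]
    if len(primaries) != 1:
        raise ValueError("expected exactly one primary uid")
    return primaries[0]
```

A uid without a good self-signature from the key is not bound to it, whatever other signatures it carries, and should not be treated as one of that key's identities.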

