We use a number of default commands for our gpg key creation and signing. The first thing you need to do is get a gpg or pgp key, if you haven't already. From the command line enter the following:
gpg --gen-key
gpg will ask for the user ID that identifies your key. Most people use their first and last name, though that isn't mandatory, and there is no need to enter a comment. You'll also want to enter the email address you expect to be associated with this key.
Once you have a key, you can sign other people's keys. To sign someone's key, you first need to retrieve it from the keyserver. To do this, enter the following command:
gpg --search EMAIL_ADDRESS_OF_THE_PERSON
You should see something like this:
2 ross@virilio:~$ gpg --keyserver pgp.mit.edu --search XXXX@mayfirst.org
gpg: searching for "XXX@mayfirst.org" from hkp server pgp.mit.edu
(1) Jamie McClelland
Jamie McClelland
Jamie McClelland
4096 bit RSA key 5F2E4935, created: 2009-05-10
(2) Jamie McClelland
Jamie McClelland
Jamie McClelland
1024 bit DSA key 76CC057D, created: 2004-01-23
Keys 1-2 of 2 for "XXXXX@mayfirst.org". Enter number(s), N)ext, or Q)uit >
Now enter the number of the correct key. Once you've imported the key and are ready to sign it, you can issue this command:
gpg --edit EMAIL_ADDRESS_OF_THE_PERSON
This should drop you into a gpg shell that looks like this:
0 ross@virilio:~$ gpg --edit jamie@mayfirst.org
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 1024D/76CC057D created: 2004-01-23 expired: 2010-06-02 usage: SC
trust: full validity: expired
sub 1024g/77A37458 created: 2004-01-23 expired: never usage: E
sub 2048R/A3B19A3D created: 2008-06-19 expired: 2009-06-19 usage: A
[ expired] (1). Jamie McClelland
[ expired] (2) Jamie McClelland
[ revoked] (3) Jamie McClelland
gpg>
If you type help you can see a list of available commands.
In order to correctly sign a key, you need to verify the fingerprint of the key, either by having the other person read their fingerprint out to you or by comparing it to a printed copy of their fingerprint. You can display the fingerprint from the gpg command line with:
gpg> fpr
Once you've verified their fingerprint, you can sign the key.
gpg> sign
and save it.
gpg> save
Now all that's left to do is publish the signature. The best practice is to let the other person publish your signature themselves, by sending them an email with the signature attached. This is a little cumbersome, and in most cases it's probably okay for you to go ahead and publish it by issuing the following command from the regular command line.
0 ross@virilio:~$ gpg --send-keys 5F2E4935
gpg: sending key 76CC057D to hkp server keys.mayfirst.org
0 ross@virilio:~$
Make sure to use their key ID and not their name or email address. If you need to find the correct key ID, you can do that with:
gpg --list-keys EMAIL_ADDRESS_OF_THE_PERSON
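The fingerprint comparison described above is easy to get wrong by eye, so here is an added example (not part of the original page) that does it in shell: it reads the colon-delimited listing that gpg --with-colons --fingerprint prints, compares the primary fingerprint with one copied from paper, and derives the short key ID from the verified fingerprint. The listing, the fingerprint and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a fingerprint copied from paper with gpg's record.
# All key material below is constructed sample data, not a real key.

# Strip spaces/colons and upper-case, so "aaaa 1111 ..." equals "AAAA1111...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# primary key's fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the first value is a full 40-hex-digit fingerprint
# and is identical to the second after normalization.
fpr_matches() {
    a=$(normalize_fpr "$1"); b=$(normalize_fpr "$2")
    case "$a" in *[!0-9A-F]*|"") return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Short key ID as used with --send-keys: last 8 hex digits of the fingerprint.
short_keyid() {
    normalize_fpr "$1" | sed 's/.*\(........\)$/\1/'
}

# Constructed colon listing (stand-in for real gpg output).
SAMPLE_LISTING='pub:-:4096:1:DDDD4444EEEE5555:1241913600:::-:::scESC:
fpr:::::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:
uid:-::::1241913600::0000::Example Person <person@example.org>:
sub:-:4096:1:9999888877776666:1241913600::::::e:
fpr:::::::::FFFF0000FFFF0000FFFF00009999888877776666:'

# What the key owner read out or handed over on paper (constructed).
PRINTED='aaaa 1111 bbbb 2222 cccc  3333 dddd 4444 eeee 5555'

LOCAL=$(printf '%s\n' "$SAMPLE_LISTING" | primary_fpr)
if fpr_matches "$PRINTED" "$LOCAL"; then
    echo "match: safe to sign, key ID $(short_keyid "$LOCAL")"
else
    echo "MISMATCH: do not sign this key" >&2
fi
```

With a real key, replace the sample listing with the output of gpg --with-colons --fingerprint EMAIL_ADDRESS_OF_THE_PERSON piped into primary_fpr.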
And that's pretty much all there is to it. Next, you might want to start using your gpg key for email.