TL;DR
Using multiple user IDs with GPG is a good idea for flexibility (different emails, names). This guide shows how to add them safely and manage them effectively.
Adding User IDs
- Generate the ID: Use the
gpg --gen-keycommand. When prompted for your name and email address, enter a different one than your primary key. Repeat this process for each additional identity you want to create.gpg --gen-key - Verify the ID: After generation, list your keys with
gpg --list-keys. You should see all your user IDs associated with the same key ID.gpg --list-keys - Sign the new ID (Important!): New IDs are initially untrusted. You *must* sign them with your primary key to make them usable. Use
gpg --sign-key <key_id>, replacing<key_id>with the ID of the new user ID.gpg --sign-key YOUR_NEW_USER_ID_KEY_ID - Fully Trust the Primary Key: Ensure your primary key has full trust. Use
gpg --edit-trustto set this if needed.gpg --edit-trustFollow the prompts to select your primary key and set its trust level to ‘ultimate’.
Managing User IDs
- Listing Keys: Use
gpg --list-keysorgpg --list-secret-keys(for more detail, including fingerprints) to see your user IDs.gpg --list-keys - Deleting a User ID: Remove an unwanted ID with
gpg --delete-key <key_id>. Be *very* careful, as this is permanent!gpg --delete-key YOUR_USER_ID_KEY_ID - Changing the Default ID: Set which ID GPG uses by default with
gpg --default-key <key_id>.gpg --default-key YOUR_PREFERRED_USER_ID_KEY_ID
Best Practices
- Sign All IDs: Always sign new user IDs immediately after creation. This prevents issues with verification and trust.
- Regular Key Revocation: Keep your revocation certificates safe. If a key is compromised, you’ll need this to revoke it.
- Key Length: Use at least 2048-bit RSA keys or equivalent ECC keys for strong cyber security.
- Backup Your Keys: Regularly back up your secret keys in a secure location. Consider using multiple backups.
- Understand Trust Levels: Learn about the GPG web of trust and how to properly assign trust levels to other users’ keys.