GPG Keychain Access should provide functionality to sign only some userids of a key

Nick's Avatar


27 Sep, 2014 09:15 PM

GPG Keychain Access 1.1.3 (601)

When I use the contextual menu option in GPG Keychain to "Sign...", the tool tells me it will "Make signature for all user IDs of [key]".

Please describe what you did expect instead

Have the option to select which user IDs I wish to sign. If I only know one of the user's email addresses, for example, I might not want to sign all of the email addresses associated with a key.

  1. Support Staff 1 Posted by Steve on 02 Oct, 2014 07:29 PM

    Steve's Avatar

    Hi Nick,

    thanks for the feedback. This should be fixed already. Could you please download and install our latest nightly build and see if the problem persists.

    You can find sig and SHA1 on the GPGTools Nightlies page.

    All the best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  2. 2 Posted by Nick on 03 Oct, 2014 05:10 PM

    Nick's Avatar

    Ah, yes, I hadn't yet downloaded the latest version. I see that in the current version I can select a particular user ID in the key info page and right click and select sign from the contextual menu, in order to sign a particular user ID rather than all IDs associated with the key. Bravo!

    Documentation or usability might be improved. Can the option to sign IDs be available from the contextual menu for signing the key? But anyway, glad to see this functionality is present.

  3. Support Staff 3 Posted by Steve on 04 Oct, 2014 05:50 PM

    Steve's Avatar

    Hi Nick,

    hm, do you have a suggestion how to solve this ideally?

    A solution might be to keep the menu item as is, but add a separate dialogue for the case when the user comes from the menu entry. The new dialogue then would have another dropdown to let the user select the UserID he is going to sign.

    Does that sound like a sane solution? Do you have other ideas?

    Best, steve

  4. 4 Posted by Nick Doty on 08 Oct, 2014 09:49 PM

    Nick Doty's Avatar

    I would suggest something like the following.

    The most typical model will be signing a key that has a single user ID or signing a key for a friend and all of her user IDs. So I think the menu item and the contextual menu on the key should lead to an interface that will by default sign all user IDs for the selected key.

    However, if you could have a collapsed "details" or "advanced options" in that sign sheet, it could have a small table view of the user IDs and allow the user to multi-select which IDs to sign. You could also put signature expiration details in that "advanced options" view. (I for one agree with other commenters that would prefer the default be no expiry, but either way I don't think it needs to be the most prominent option.) If a user uses the contextual menu on a single user ID, then open the same dialog, but with the "advanced options" opened up, with only that user ID selected.

    Also, while I like including the little documentation text in this panel, I think it could be improved. Can it visually be represented differently since it's explanatory rather than detail about the action you're going to take? Also, I think the English language version should be cleaned-up/clarified.

  5. Support Staff 5 Posted by Steve on 02 Nov, 2014 11:19 AM

    Steve's Avatar

    Hi Nick,

    current solution: to sign a single User ID:

    • please double click the key you want to sign
    • open the User IDs tab and select the User ID you want to sign

    The right-click and top menu option signs the entire key. This is not good and we've a ticket for this problem:

    If this discussion get's closed, it will be re-opened as soon as the ticket is closed so you'll receive a notification. Feel free to open a new discussions should you run into further problems or need assistance.

    I disagree that we should by default sign the entire key. While you may be a user very aware of the consequences of your actions, for most users this enitre topic is totally overwhelming. So the depth User IDs are actually checked might be rather shallow. So I think the default should be to sign only the primary User ID (which will likely be the most used User ID) and add an option to change which User ID is being signed.

    We yet have to work out, how to best solve this problem. The ticket now exists and this will likely not make it into the upcoming 10.10 beta, but we will address this further down the road.

    If you want to improve any of the dialogue texts, feel free to go ahead and send me an enhanced version via this discussion.


  6. 6 Posted by Nick Doty on 02 Nov, 2014 10:26 PM

    Nick Doty's Avatar

    +1, I think it makes sense for the default to be signing the primary User ID. For the common case where a key only has one User ID, that functions exactly the same, but it encourages users to sign only one ID unless they think about choosing more IDs.

    (It might be a good general rule that default options for verification/certification/signing should be the minimal set, and users select advanced options if they want to express greater confidence or broader verification.)

  7. Support Staff 7 Posted by Steve on 17 Dec, 2014 10:00 PM

    Steve's Avatar

    Absolutely. I think we have this covered with the existing ticket.

    Closing this discussion. It will be re-opened as soon as we have news regarding the ticket.

  8. Steve closed this discussion on 17 Dec, 2014 10:00 PM.

  9. Support Staff 8 Posted by Steve on 05 Mar, 2018 02:31 PM

    Steve's Avatar

    Could you please download and install our latest latest hotfix GPG Suite and see if that solves your problem. The entire signing dialog has been revamped.

    All the best,

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  10. Steve closed this discussion on 05 Mar, 2018 02:31 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac