To complete the PGP Keysigning process: 1. Sign All The Verified IDs On The Verified Keys gpg --keyserver pgp.mit.edu --recv-keys <Key_ID> gpg --sign-key <Key_ID> [ Verify the fingerprint against your sheet. You probably want to select (3) I have done very careful checking in this case, since we met in person and verified physical photo ID's. ] 2. Send The Signed Keys Back Up To The Designated Keyserver gpg --keyserver pgp.mit.edu --send-key <Key_ID> Finally, once everyone has signed everyone else's keys and sent them to the keyserver, you will want to download the signed versions once more from the keyserver. You can do this at any time without fear of overwritting keys--GnuPG will always merge the changes into your local keyring (--recv-keys) or the remote keyserver (--send-keys) as necessary. 3. Download the Signed Keys from The Designated Keyserver gpg --keyserver pgp.mit.edu --recv-key <Key_ID> It is a good idea to periodically re-download keys to receive new signatures, learn of revoked keys, etc. You can tell a signature was added by the output of --recv-keys. You can list key signatures with: gpg --list-sigs [<Key_ID>] where <Key_ID> is optional. You may notice some keys signed by unknown user ids. If you receive those keys from the keyserver(s) you can build your Web Of Trust to include people you don't know. This gets into how much you trust people with whom you have verified keys directly to sign *other* people's keys properly/securely. More on this later....