GnuPG Key-Signing Tools

GPG Challenge is a script to send challenge emails for a challenge-response method of verifying UIDs on OpenPGP keys. It finds all UIDs that are valid and have not already been signed by the user for the key IDs given on the command-line, and generates email bodies containing some random data. These are passed on to the Mutt email client, where they should be signed, encrypted and sent to the signee. The signee should then reply to the email, keeping the random data intact. is based on code that Ingo Klöcker posted (archive at to the gnupg-users mailing list.
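The bookkeeping behind this challenge-response exchange, as an added Python sketch that is not code from GPG Challenge itself: one independent random token is issued per UID, and a reply counts only for the UID its token was issued to, and only once. The function names, the "CHALLENGE" line format and the sample key and addresses are assumptions made for illustration; signing and encrypting the message is left to the mail client and GnuPG, as described above.

```python
import hmac
import secrets

def make_challenges(fingerprint, uids):
    """Issue one independent random token per UID; returns {uid: (token, body)}."""
    pending = {}
    for uid in uids:
        token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        body = (f"Challenge for key {fingerprint}, UID {uid}.\n"
                "Reply and keep the following line intact:\n\n"
                f"CHALLENGE {token}\n")  # body layout is an assumption
        pending[uid] = (token, body)
    return pending

def extract_tokens(reply_text):
    """Collect tokens from a reply, tolerating '> ' quoting and CRLF endings."""
    tokens = []
    for line in reply_text.splitlines():
        line = line.lstrip("> \t").strip()
        if line.startswith("CHALLENGE "):
            tokens.append(line.split(None, 1)[1])
    return tokens

def verify_reply(pending, uid, reply_text):
    """True only if the reply returns the token issued for this exact UID."""
    entry = pending.get(uid)
    if entry is None:  # never challenged, or already answered
        return False
    expected = entry[0].encode()
    ok = any(hmac.compare_digest(expected, t.encode())
             for t in extract_tokens(reply_text))
    if ok:
        del pending[uid]  # single use: a replayed reply is rejected
    return ok

if __name__ == "__main__":
    # Constructed sample data: placeholder fingerprint and example.org UIDs.
    uids = ["Alice <alice@example.org>", "Alice <alice@example.net>"]
    pending = make_challenges("0123456789ABCDEF0123456789ABCDEF01234567", uids)
    quoted = "".join("> " + l + "\n" for l in pending[uids[0]][1].splitlines())
    print(verify_reply(pending, uids[1], quoted))  # wrong UID
    print(verify_reply(pending, uids[0], quoted))  # matching UID
    print(verify_reply(pending, uids[0], quoted))  # replay
```

Because each UID gets its own token, a reply from one mailbox cannot be used to vouch for another UID on the same key.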


To get the latest version, check out keysigning/ from the Subversion repository:

svn co 

or, simply download it from from

Usage KEYID...

Reporting Bugs

To submit bugs or feature requests please create a ticket with component set to "Keysigning".


The GnuPG Key-Signing Tools are free software; you can redistribute them and/or modify them under the terms of either version 2 or version 3 of the GNU General Public License as published by the Free Software Foundation.

The GnuPG Key-Signing Tools are distributed in the hope that they will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Note about GPG Challenge

The original script allows version 2 or later of the GPL in the permission text, which means you should be able to distribute the original under the terms of future versions of the GPL. I have explicitly chosen (as per the permission text: "either version 2 of the License, or (at your option) any later version") to apply only version 2 and version 3 of the GPL to the script. Future versions of the GPL may be added as I understand them.

A slightly modified (to remove the original author's details from the configuration) version of the original is available in revision 36 of the repository.

Last modified on Aug 12, 2016, 9:49:19 AM