Kate's Comment

Thoughts on British ICT, energy & environment, cloud computing and security from Memset's MD

How to add additional email addresses to your GPG identity (and a face pic)

This is an addendum to my article on how to encrypt email using PGP and Thunderbird.

I have many email addresses: my Memset one, my personal one (at craig-wood…), my Wood Tech one and others. All of these are tied to a single PGP identity, which makes life much simpler both for me and for people wishing to communicate with me. If your PGP identity is tied to only one email address and someone tries to send you an encrypted message at a different address (which actually happens more often than you’d think), they need to select the right identity from a list each time – very tiresome!

Adding an additional email address to your GPG identity

You can do this via Thunderbird’s Keychain Access widget (top menu -> “OpenPGP” -> “Key Management”) by right-clicking your own identity and selecting “Manage User IDs”. Personally, however, I find it simplest to manage your personal key details via the command line. The instructions should work equally well either way. Open up a terminal window and enter:


gpg --edit-key your.email@your-domain.com

You are now on the GPG command line. To add a mail identity simply type “adduid” and hit enter. You will then be prompted for the following:

  1. Real name: You probably want to enter your real name here, but you might have a pseudonym which you want to add for convenience. Don’t do this if you don’t want the pseudonym to be associated with your real name though! I actually have two PGP keys, the other for my “alternative community” pseudonym.
  2. Email address: The new email address that you’re adding to your key.
  3. Comment: I generally enter a URL here and that seems to be a convention. Most of my email identities are associated with a different organisation or Web site.

Next check the details and if you’re happy hit “o” (okay) then <enter>.

For some reason it shows the new identity as untrusted. I don’t think this step is necessary, but I also typed “trust” and selected “ultimate” (press 5 and hit enter) just to be sure. You should only ever trust yourself ultimately by the way! Even my brother Nick only gets “full” trust from me for example.

Adding a photo to your GPG identity

You can also add other useful identifying information to your PGP identity, such as a picture of yourself. Not many systems seem to use this, but I’ve done it on mine since after all we mainly identify people via their faces. If you have my key in your keychain (my public key is here) then you’ll be able to view the photo associated with my ID by opening Thunderbird’s Keychain Access widget (top menu -> “OpenPGP” -> “Key Management”), right-clicking on my identity (kate at craig-wood etc) then selecting “View Photo ID”.

To add a photo to your identity, enter “addphoto” on the GPG command line, then enter the filename of the image you want to use (you’ll need to enter the full path).

In this case it may well be simpler to just use Thunderbird’s widget since you get a nice file browser selection tool. Just right-click your own identity in the list, select “Add Photo” and browse to your chosen pic. Generally one clearly showing your face is a good idea; think passport photo style.

Saving changes and finishing up

To apply the changes you need to “Save and Quit” from the GPG command line. To do this simply type “save” and hit <enter>.

Note that if you have used GPG on the command line to edit your key then you’ll need to restart Thunderbird to see the changes.

Also note that you can access help at any time from the GPG command line by typing “help”+<enter>.
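To confirm what actually ended up on the key after “adduid”, “addphoto” and “save”, you can read GPG's machine-readable listing. The script below is an added example, not part of the original article: the function names and the sample listing (Alice Example, example.org addresses) are constructed for illustration, and it assumes the field layout of `gpg --list-keys --with-colons` output (field 1 = record type, field 2 = validity, field 10 = user ID).

```shell
#!/bin/sh
# Real use:  gpg --list-keys --with-colons your.email@your-domain.com | list_uids

# Constructed sample of --with-colons output: two live user IDs,
# one revoked user ID and one photo (user attribute) record.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::1111111111111111::Alice Example (https\x3a//example.org) <alice@example.org>:
uid:u::::1500000000::2222222222222222::Alice Example (https\x3a//example.com) <alice@example.com>:
uid:r::::1450000000::3333333333333333::Alice Example <old@example.net>:
uat:u::::1500000100::4444444444444444::1 5235:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:
EOF
}

# Print one line per user ID or photo: "<validity> <record type> <user ID>".
# Validity letters include u = ultimate, f = full, r = revoked, e = expired.
list_uids() {
    awk -F: '
        $1 == "uid" || $1 == "uat" {
            v  = ($2 == "") ? "-" : $2
            id = ($1 == "uat") ? "[photo / user attribute]" : $10
            print v, $1, id
        }'
}

# Succeed only if every address given as an argument appears in a
# user ID on the key that is neither revoked nor expired.
has_addresses() {
    listing=$(cat)
    for addr in "$@"; do
        printf '%s\n' "$listing" | awk -F: -v a="<$addr>" '
            $1 == "uid" && $2 != "r" && $2 != "e" && index($10, a) { found = 1 }
            END { exit !found }' || { echo "missing: $addr" >&2; return 1; }
    done
}

# Demo on the constructed sample
sample_listing | list_uids
```

Run it before re-uploading to a keyserver, so that you only publish the user IDs you intended to add.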

You’ll likely also want to re-upload your public keys to a keyserver. You can do this from the command line but personally I find it a lot easier to do via GPG Keychain Access, the graphical interface under MacOS, or Thunderbird’s keychain widget. In either case right-click on your own key and select “Upload Public Keys to Keyserver” (or equivalent).

Bugs / issues

After doing this I started getting errors from Thunderbird when sending messages saying my key was out of date. This was actually a bug in the way the GPG agent handles passwords. The fix was quite simple, though time-consuming to find; just install the latest GPG Suite from GPGtools.org.
