So I attend the Key Signing party, exchanged my signatures, and even get emails telling me that my key is signed. I'm now a bit lost on what shall I do next, and trying to google for the answer didn't help much either. The closest I found is: GPG Tutorial https://futureboy.us/pgp.html#UpdatingKeys and I've checked the following sections: Updating Keys People are constantly updating their keys for various reasons: - Keys get compromised or lost and they are revoked. - Keys are signed by more people, building a Web of Trust <https://futureboy.us/pgp.html#WebOfTrust>. . . Who Signed My Key? Now that you've updated keys from a keyserver, you might want to see who has signed your key. After all, *anyone* can sign *any* key and re-upload that key to a key server. You can see the signatures with the --list-sigs command to gpg . . . However, I'm still at lost understanding them. I.e., I tried both the suggested commands, but can't see any sign that my key is signed by more people, and any of their emails. All that I know is that - I get an email telling me that my key is signed. - I'm able to decrypt it, and see an attachment of mykey.asc: --------------B954318AC305B6429BF6150D Content-Type: text/plain; charset=UTF-8; name="mykey.asc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="mykey.asc" What steps I shall do next? (Instruction for the command line is more welcome than using GUI) Thanks!