Unable to trust public key with PGP Command Line

Article ID: 153478

Products

PGP Command Line

Issue/Introduction


After importing a key to use with PGP Command Line, you cannot set the trust for the key you want to use for encryption.

Resolution


This occurs when the key you have imported has not been signed. When you create a keypair, the keys are automatically signed. Similarly, after you import a key and are sure that it belongs to the correct person, you can sign that person's public key, indicating that you have verified the key.

The --sign-key command signs a key to use for encryption.

The usage format for the command is:

pgp --sign-key <user> --signer <signer> --sig-type <type> --passphrase <pass> [options]

Where:

<user> is the user ID, portion of the user ID, or the key ID of the key you are signing.

<pass> is the passphrase of the signer of the key.

[options] modify the behavior of the command. Options are:

--signer is the user ID, portion of the user ID, or the key ID of the signer of the key. If no signer is specified, the default key is used for signing.

--sig-type is the signature type: local, exportable, meta-introducer, or trusted-introducer. The following signing options are available:

Signature Types

PGP Command Line supports several signature types:

  • local means the signature is non-exportable, which means it cannot be sent with the key to a keyserver or exported in any way. Use this signature when you believe the key is valid, but you don't want others to rely on your opinion of the key.
  • exportable means the signature is exportable, which means that the signature can be sent with the key to a keyserver or exported with the key. Use this signature when you believe the key is valid and you want others to be able to rely on your opinion of the key. They are not obligated to rely on your opinion.
  • meta-introducer means this is a non-exportable meta-introducer, which means that this key and any keys signed by this key with a trusted introducer validity assertion are fully trusted introducers to you. This signature type is not exportable.
  • trusted-introducer means that you certify that this key is valid and that the owner of the key should be completely trusted to vouch for other keys. This signature type is exportable.
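Because signing asserts that you have verified the key, the following added example (not part of the original article or the vendor's documentation) only runs --sign-key after the imported key's fingerprint matches one obtained out-of-band, and it defaults to a local signature. Assumptions: `pgp --fingerprint` prints the fingerprint as hexadecimal groups, the key has a 40-digit fingerprint, and the function names and the SIGNER_PASSPHRASE variable are hypothetical.

```shell
#!/bin/sh
# Added example: gate `pgp --sign-key` on an out-of-band fingerprint check.

# Keep only hex digits and upper-case them, so "7c4b 5e2f" == "7C4B5E2F".
normalize_fpr() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Accept only the signature types listed in this article.
valid_sig_type() {
    case "$1" in
        local|exportable|meta-introducer|trusted-introducer) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sign_verified_key <user> <signer> <expected-fingerprint> [sig-type]
# The signer's passphrase is read from SIGNER_PASSPHRASE (hypothetical name).
sign_verified_key() {
    user=$1
    signer=$2
    sig_type=${4:-local}   # non-exportable unless the caller asks otherwise
    expected=$(normalize_fpr "$3")

    valid_sig_type "$sig_type" || {
        echo "unknown --sig-type: $sig_type" >&2; return 2; }
    # Assumption: 40 hex digits; refuse short or truncated values.
    [ "${#expected}" -eq 40 ] || {
        echo "expected fingerprint must be 40 hex digits" >&2; return 2; }

    # Assumption: the fingerprint appears in the output as hex groups.
    # Whitespace is removed so the grouping does not affect the comparison.
    shown=$(pgp --fingerprint "$user" | tr -d ' \t\r\n' | tr 'a-f' 'A-F')
    case "$shown" in
        *"$expected"*) ;;
        *) echo "fingerprint mismatch for $user; not signing" >&2; return 1 ;;
    esac

    pgp --sign-key "$user" --signer "$signer" --sig-type "$sig_type" \
        --passphrase "$SIGNER_PASSPHRASE"
}
```

A non-zero return means the key was not signed: 1 for a fingerprint mismatch, 2 for a rejected argument.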