I've been encountering some confusion about signing. Just want to point out that there are 3 kinds of signatures. Your PGP program may automatically handle them for you, but in gpg,the reference standard, these are 3 separate commands. You can sign a file, a plaintext message, or a key. When we talk about signing on the forum, we are almost always talking about signing plaintext messages. Key signing is useful for establishing a web of trust, but you're supposed to do that after verifying a person's identity. Obviously, we're anonymous to each other, so we have no use for key signing. File signing, or at least verifying file signatures, is useful when downloading the Tor Browser Bundle, the Tails ISO, etc. It would be nice if more people did that. BTW, I like Key Master.