Here it is, finally: Monkeysign 1.0! I have implemented all the features I felt were necessary for a first stable release, so here it is.

Monkeysign is a user-friendly tool to easily and securely exchange OpenPGP key certifications. See the website for more information.

The 1.0 release now properly sends separate email for each signed UIDs, has manpages for the two programs and, more importantly, doesn't copy your secret key around anymore. Translation of the user interface is now possible and we also ship a ton of tweaks and bugfixes.

To install monkeysign, you should be able to do:

sudo apt-get install monkeysign

The backport to wheezy was updated to 0.9 not so long ago and will soon be updated to 1.0 too. For users of other Linux distributions, try:

git clone git://
cd monkeysign
sudo ./ install --record=install.log

For more information, including how to get a tarball to create packages for other distributions, see the homepage.

Detailed list of changes since monkeysign-0.9:

  • stop copying secrets to the temporary keyring
  • make sure we use the right signing key when specified
  • signatures on multiple UIDs now get properly sent separately (Closes: #719241)
  • this includes "deluid" support on the gpg library
  • significantly refactor email creation
  • improve unit tests on commandline scripts, invalid (revoked) keys and timeout handling
  • provide manpages (Closes: #716674)
  • avoid showing binary garbage on export when debugging
  • properly fail if password confirmation fails
  • user interfaces now translatable
  • accept space-separated key fingerprints
  • fix single UID key signing
  • proper formatting of UIDs with comments (removed) and spaces (wrapped) for emails