This page describes how to deal with certifications produced by GNOME Keysign.

So you have just produced a certification for an OpenPGP key and probably sent emails with the signed key.

In order to complete the keysigning protocol, you need to wait for the recipient to receive, decrypt, and respond with the certification that you have produced.

If you do not want to complete the protocol or do not want to send the email, you can store the produced certifications as a file. That file contains the plaintext version of the certifications. Be careful with them. You can, for example, hand them to your recipient via a trusted connection or import them to your local keyring. Again, be aware that these certifications are not encrypted under the recipients public key which means that if you hand them to the recipient they do not need to proof that they have access to the corresponding private key.

Another option is to import the certification to your local keyring. This will allow you to use the key as if the protocol has completed. If you use the button in the UI the program will produce a "local" signature. Those signatures cannot be exported. In addition, the signature will expire within a limited time, currently one day. After that, the certification will be discarded. This can be useful if you want to establish communication which does not rely on the full keysigning protocol to be completed. Again, be aware that the recipient has not proven anything to you just yet.

If you want to check whether the local signature has been imported successfully, you can open a terminal and type

    gpg --list-sigs

If everything worked correctly, you should be able to read the lines:

sig   L      81D8B4ABFDA6A417 2019-05-10  foo@bar

Where the "L" stands for local and the email address at the end of the line is yours. Unfortunately, GnuPG does not seem to tell you for how much longer the certification is valid.