Signing
----------

Simple way (not an offline master key):

    gpg --recv-keys $KEYHASH
    gpg --fingerprint   # check fingerprint
    gpg --sign-key $KEYHASH
    gpg --keyserver pgp.mit.edu --send-key $KEYHASH

However, I use an offline master key, which means I need to do a horrible
juggling trick of mounting an SD card or similar, specifying a `--homedir`, and
then exporting-and-importing the signed key when i'm done so it ends up in my
not-offline gpg homedir.