GPG Key
I (relunctantly) use OpenPGP via GnuPG. I am the owner of three keys:
- 0x43BF769C4ACA8B96 is the master key. It is 4096-bit RSA and has the fingerprint
C46D 8E7A 3F13 AD1C 8EC6 7848 43BF 769C 4ACA 8B96
. You should sign this key at keyparties and other events. I will use this key to sign your key at keyparties and other events. - 0x26794034633DBBC0 is the signing subkey. It is 4096-bit RSA. You should use this key to verify signatures created by me.
- 0xC62DAAAE93A31C56 is the encryption subkey. It is 4096-bit RSA. You should use this key to encrypt emails sent to me.
Of course, you should verify that the details above are correct by meeting me in person, but since that's usually inpractical I have put copies of this key in as many places as possible to help people verify that these keys are legitimate. Having copies in many independent, reasonably difficult to subvert places isn't perfect, but it's a whole lot better than nothing, so here's the list:
- Keybase which cryptographically ties these keys to most of my social media
- The
keys.gnupg.net
network - This site
- My GitHub account
Note that the signatures on a lot of these might be out of date though.
I used to use a Nitrokey Storage to protect my subkeys during day-to-day use, but unfortunately I lost it (note though that the Nitrokey is tamper-resistant and I have no reason to believe anyone was able to get their hands on the key material). Since August 2018 I have used an airgapped vault
qube in Qubes OS to protect my subkeys.
I also own the key 0xa8da10c057f65fa7. It was uploaded to keys.gnupg.net
and keyserver.ubuntu.com
. This GPG key has the following fingerprint:
B105 3164 B6C8 F4F7 C2B4 356F A8DA 10C0 57F6 5FA7
This key has been revoked due to the fact that it has been superceded by the above keys. See the revocation text for details.