My GPG public key, Verification of Identity

Posted
Comments None

Fetching my Public Keys

You can fetch my key via:

gpg --recv-keys 748231EBCBD808A14F5E85D28C004C2F93481F6B

Alternatively, if you prefer importing manually/not to use a keyserver, then you can find my pubkeys in ASCII-armored and binary formats.

SKS Mirror

Using

Additionally, I run an SKS server found at https://sks.mirror.square-r00t.net (stats) – to use with GnuPG, you can use the following:

  • hkp://sks.mirror.square-r00t.net (plaintext)
  • hkps://sks.mirror.square-r00t.net (encrypted)

as your --keyserver argument to gpg, or via dirmngr:

echo 'keyserver hkps://sks.mirror.square-r00t.net' >> ~/.gnupg/dirmngr.conf
gpgconf --reload dirmngr

Please contact me if you encounter any issues. It is, however, also included in the SKS mirror pool.

Peering

If you would like to peer with me, please send me an email.

Make sure you include the following information:

  • Subject: SKS PEER REQUEST
  • Your GPG Key Fingerprint/full key ID (not long or short key ID)
  • Your member line (e.g. my.key.server.tld 11370 # Name <email> 0xYOURKEYID)
  • What SKS version you’re using
  • When your last full dump is from and where you got it from
  • If you support IPv4, IPv6, or both
  • If you support HKPS
  • Your Status URL
  • The number of currently loaded keys
  • The geographical location of the server
  • A direct contact for administrative purposes if it differs from the address the request was sent from (will not be released publicly)

Signing my key

Once imported, you can then sign my key (alternate reference) and verify any signatures I have made. Please see Signature Pushing.

Proof/Verification of Identity

If you are geographically far from me (and a physical meeting is unlikely) but you would like further confirmation/verification, please feel free to email me (Subject: GPG IDENTITY VERIFICATION REQUEST) to arrange a video conference to do this.

Signing/Trust Policy

I will give exportable signatures to keys of which key owners provide proof of identification/ownership.

For keys that are not validated owned/identified, they are limited to local/non-exportable signatures only.

If you have generated a new primary key and I have signed the previous one, send me an email GPG-signed by you (using the old key) notifying me of your old key fingerprint, the new key’s fingerprint, and where the new public key can be fetched (if not attached). Trust will be granted but limited to a lower level than before until sufficient proof of ownership is given (I’ll tell you what you need for the next level if requested).

If you no longer have access to your old key, a local/non-exportable signature only will be made until further verification of identity can be provided.

Signature Pushing

I explicitly grant you permission (and encourage you) to push signatures of my key to public keyservers. I prefer https://pgp.mit.edu or hkps://hkps.pool.sks-keyservers.net (or use my own peer) but many keyservers syndicate and sync amongst each other these days, so chances are whatever public keyserver you use will be fine.

If you do NOT want me to push my signatures on your key to a keyserver, please alert me to this before I sign your key. If this is the case, I will create a non-exportable signature of your key for local use only.

Keybase.io

I am on Keybase.io as squarer00t.

Changelog/Verification of this post


This article was originally composed on December 19, 2016.

Updates:
-Oct 24, 2017: Added collated contact info
-Sep 07, 2017: Removed trust info (GnuPG keeps it secret, so I probably should too)
-Aug 30, 2017: SKS info added
-Aug 26, 2017: Signing/trust policy added
-Aug 25, 2017: Include complete key ID

My GPG pubkey fingerprint is:

7482 31EB CBD8 08A1 4F5E  85D2 8C00 4C2F 9348 1F6B

Detached signature of the above (ASCII text, *nix line-endings, ending with a newline character):

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEdIIx68vYCKFPXoXSjABML5NIH2sFAlnu74IACgkQjABML5NI
H2vhbg/+P+W9LEuU6DsqHhR7qq9MHtvm2RfoezVohWykllCKN48D9Mr1HZqdSP2+
/nh+nCJY1ZCmGT54nVnNDnN4vSJBMiX0ZUJ0esa2ysluG0V6EtFYeYIPSf/9yUM1
HBrw8lp1qdyaspiONOOyo3hWxIfoHtaNiyjRh5QlJE5XOk+4xmXv2EIIWiqskdJb
2fOwvffdT9/e0JSd5Uqvq4CjvccbC0TnWlUM0vS61Gl0loGHQoro4xF4R3OGah9Y
5u0y/i9aeyBwfCBKBOeqtrAq0V7htDAWCDr4/vDjRQfqSatrVTVZiUhXHkP4WJij
pLRWaF40mkBYmCdGt/XwT9RxsBB77SU3WDj259ArnSqBrpslCf3s7I9Y7D92lpPk
JN40+x2JgYRaK4qDLEGsXiCBlTgP+GiyNJp48Eq0RnP53brIkn+EG1OOYBYBRFWf
j54s40Nm5nyYbzMjpHAql131/hCJWFhTbyKAwZvoQ8ZCmyr4/bM8e6OWdeIh6cln
XxIJWsbd/IwR+M/0yXTiCnoQI3jtunwL/xryGacyX54uXgxWP+HSEt400QI9CH8w
SpBYiB7kCUouXXj7Ki3F4NkW3WTBgx7h4++BP9L4kn71mksBEHYY+zgJhDZxhh8x
HjEmnbaVfYUJSd7/vrOCNBTkYbxc7Bk/X9ywAqQqD6AsLPO1Unk=
=5Ynk
-----END PGP SIGNATURE-----

Contact Information

If you need to contact me, please feel free to do so via:

Author
Categories Meta

Comments

There are currently no comments on this article.

Comment...

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.





← Older Newer →