About PGP/GPG encryption and signing

Last Page Update: January 6, 2025
Last Major Key Update: January 6, 2025

This page contains information about how to use e-mail encryption (via PGP) when corresponding with me.

“PGP” (aka "GPG" or "GnuPG") is a protocol and a set of software that allows people to encrypt & verify messages sent to one another. You can learn more here.

tl;dr:

Some PGP/GPG software & some services (such as ProtonMail) support automatic encryption by using WKD to auto-discover keys. If you use such a service, then your e-mails to my personal address should automatically use encryption.
If you use other software compatible with PGP/GPG — such as Enigmail or GPG Suite — you can use that software to encrypt a message to me: you can download my key below.
You can also generate an encrypted message at this link:
https://keybase.io/encrypt#mtigas
1. Write your message in the box. (Make sure the recipient says "mtigas".)
2. Click the "Encrypt" button.
3. Copy the "secret message" that it generates
4. Paste that "secret message" into an e-mail or DM or other communication to me.

The rest of this page is primarily for advanced folks with PGP-compatible software, and it includes more technical details that can be useful for verifying PGP-encrypted communication with me.

PGP Keys

Please note that as of September 2018 I'm now using an ECC key (0x9090861B) as listed below. The previous RSA key of 0x6E0E9923 is still available for compatibility.

Modern: 0x9090861B [ed25519]

0x9090861B is my main key; click here to download it. It should be compatible with most modern GPG/PGP software. (You may use 0x6E0E9923 below if this key doesn't work, since older software might not like this one.) This key is available on most keyservers; it's also on Keybase, which has some links/proofs using other online accounts I own. The "full" key fingerprint is 3966 6CC7 46E8 2D6E F94D 3C4A EA15 00E2 9090 861B.

The key expires on a scheduled basis (next: February 1, 2027) and will be refreshed (with a new expiration date) before then; if your computer says it's expired, try refreshing it or try downloading it from here again.

Traditional: 0x6E0E9923 [rsa8192]

0x6E0E9923 is my legacy RSA-based key. It's older and I keep it around b/c some legacy software still doesn't support newer ECC/ed25519 keys -- if you have trouble with the above key, try this one instead. The "full" key fingerprint is 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923.

Like the above key, this key expires on February 1, 2027 and it should be refreshed before then.

Other Keys

0xFC6562F6 was a previously-used ed25519 PGP key, with a fingerprint of C7F8 ABA9 4110 DBA8 AB99 EBBA CA58 C8E5 FC65 62F6.
0xDFD760C4 was a nistp512 PGP key that was generated in Nitrokey hardware and decommissioned due to a firmware issue; E93C 2D59 372F 3710 9B30 2EBD 916F BC3F DFD7 60C4.

Key Signing Policy

PGP key signing policies are hopelessly pedantic and basically unenforcable on the real-world internet. FWIW, I normally only sign keys when I've met a person in real life. But in general, ¯\_(ツ)_/¯.

Mike Tigas [web] [twitter]