Last Page Update: September 27, 2018
Last Major Key Update: September 27, 2018

This page contains verification and download links for my PGP keys, including previously used keys.

You’re probably here because you either 1) received an email from me with a signature.asc attachment or a crazy BEGIN PGP SIGNATURE section at the bottom, or 2) received a business card from me with some PGP information on it.

“PGP” or “GPG” is a protocol and a set of software that allows people to encrypt messages to one another. It also allows people to “sign” messages so other people who use PGP software can tell — with 100% certainty — that the email actually comes from the sender (it hasn't been forged) and that the message arrived without being edited while in transit. You can learn more at the following links:

PGP Keys

Please note that as of September 2018 I'm now using a hardware-only ECC key (0xDFD760C4) as listed below. The previous main key of 0x6E0E9923 is still available for continuity and compatibility.

Modern: 0xDFD760C4 [nistp512]

0xDFD760C4 is my ECC key, only compatible with GnuPG 2.1+. I consider this my main key, though you may use 0x6E0E9923 below if this key doesn't work. This key is on Keybase and is available on most keyservers. The "full" key fingerprint is E93C 2D59 372F 3710 9B30 2EBD 916F BC3F DFD7 60C4.

The key was generated directly on a NitroKey Pro 2 and the private keys exist only on the device hardware. (Yes yes, I know, NIST curves are suboptimal. ed25519, which I would have chosen, is unsupported in the hardware I acquired. Sometime in the next decade I'll probably replace this by a hardware-backed ECC key with a safe, modern curve.)

The key expires on a scheduled basis (next: February 1, 2020) and will be refreshed within six months of the expiration date; if your computer says it's expired, try refreshing it or try downloading it from here again.

Traditional: 0x6E0E9923 [rsa8192]

0x6E0E9923 is my rsa8192 key. It was previously my "main" key and it's the key listed on most of my business cards printed before September 2018. The identity key is an rsa8192 key and the active signing and encryption subkeys are rsa4096 keys. (The main key lives _only_ on an airgapped TAILS install, and the subkeys live in a YubiKey or trusted computers with full disk encryption.) This key is also available on most keyservers. The "full" key fingerprint is 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923.

As above, this key expires on February 1, 2020 and will be refreshed within six months of the expiration date.

Old: 0xFC6562F6 [deprecated ed25519]

0xFC6562F6 was my previous ECC PGP key, only compatible with GnuPG 2.1+. The "full" key fingerprint is C7F8 ABA9 4110 DBA8 AB99 EBBA CA58 C8E5 FC65 62F6. (It was rarely used and can be ignored in most contexts.)

Key Signing Policy

PGP key signing policies are hopelessly pedantic and basically unenforcable on the real-world internet. But if you really care:

Mike Tigas [web] [twitter]