Last Page Update: May 23, 2018
Last Major Key Update: May 23, 2018

You’re probably here because you either 1) received an email from me with a signature.asc attachment or a crazy BEGIN PGP SIGNATURE section at the bottom, or 2) received a business card from me with some PGP information on it.

Long story short: “PGP” or “GPG” is a protocol and a set of software that allows people to encrypt messages to one another. It also allows people to “sign” messages so other people who use PGP software can tell — with 100% certainty — that the email actually comes from the sender (it hasn't been forged) and that the message arrived without being edited while in transit.

I'm still working on a legitimate “peoples’ guide to PGP”, but here are some links you can look at:


Main Key 0x6E0E9923

0x6E0E9923 is my primary PGP key — click here to download it. You can corroborate the legitimacy of this key by finding it on other sources, by verifying it with me in another medium, and checking Keybase which contains some key+account ownership proofs via my Twitter, my GitHub, and other online profiles. This key is also available on most keyservers and on my ProPublica staff profile. You should also check the "full" key fingerprint to ensure that you have the correct key (output below with gnupg 2.2.0):

$ gpg --list-keys --fingerprint --fingerprint 0xA993E7156E0E9923
pub   rsa8192 2013-07-19 [SC] [expires: 2019-06-30]
      4034 E60A A782 7C5D F21A  89AA A993 E715 6E0E 9923
uid           [ unknown] Mike Tigas <mike@tig.as>
uid           [ unknown] Mike Tigas <mtigas@riseup.net>
uid           [ unknown] Mike Tigas <tigas@protonmail.ch>
uid           [ unknown] Mike Tigas <mike.tigas@propublica.org>
uid           [ unknown] [jpeg image of size 5863]
sub   rsa4096 2016-04-24 [S]
      1B37 D532 EDD4 869B 1C7B  C39A 14B8 78BA 95DA 684A
sub   rsa4096 2016-04-24 [E]
      74FD 6CD6 BA44 42A0 0323  1146 3980 AA6B 0F20 BBD2

The root 0x6E0E9923 identity key is stored offline for safety. The current subkeys 0x95DA684A and 0x0F20BBD2 are used for everyday signing and encryption operations. (There are some older subkeys & e-mail addresses attached to the PGP key; you might see them, but they can be ignored safely.)

The key expires on a scheduled basis (next: June 30, 2019) and will be refreshed at some point (no more than six months, and no less than two weeks) before the scheduled expiry date; if you've found that it's expired on your computer, come back here and download it again or refresh it from a keyserver.


"New" ECC Key 0xFC6562F6 (GnuPG 2.1+)

0xFC6562F6 is my "new-style" PGP key, utilizing elliptic curve cryptography and only compatible with GnuPG 2.1+ — click here to download it. This key is also available on most keyservers and it is cross-signed by the above (main 0x6E0E9923) key on any updates. You should also check the "full" key fingerprint to ensure that you have the correct key (output below with gnupg 2.2.0):

$ gpg --list-keys --fingerprint --fingerprint 0xCA58C8E5FC6562F6
pub   ed25519 2017-11-01 [SC] [expires: 2019-06-30]
      C7F8 ABA9 4110 DBA8 AB99  EBBA CA58 C8E5 FC65 62F6
uid           [ unknown] Mike Tigas <mike@tig.as>
uid           [ unknown] Mike Tigas <mtigas@riseup.net>
uid           [ unknown] Mike Tigas <tigas@protonmail.ch>
uid           [ unknown] Mike Tigas <mike.tigas@propublica.org>
sub   ed25519 2017-11-01 [S]
      8B46 418E 72AA 2356 DFD0  A259 C2D1 5850 3600 2D93
sub   cv25519 2017-11-01 [E]
      AE47 267A 8752 3330 6E62  DC1B A3EB 4C1D 0207 E2C6

The root 0xFC6562F6 identity key is stored offline for safety. The current subkeys 0x36002D93 and 0x0207E2C6 are used for everyday signing and encryption operations.

The key expires on a scheduled basis (next: June 30, 2019) and will be refreshed at some point (no more than six months, and no less than two weeks) before the scheduled expiry date; if you've found that it's expired on your computer, come back here and download it again or refresh it from a keyserver.


Signing Policy

If you’re really crazy about this stuff, you can read my key signing policy.

-Mike Tigas [web] [twitter]