Last Page Update: September 6, 2018
Last Major Key Update: September 6, 2018

This page contains verification and download links for my PGP keys, including previously used keys.

You’re probably here because you either 1) received an email from me with a signature.asc attachment or a crazy BEGIN PGP SIGNATURE section at the bottom, or 2) received a business card from me with some PGP information on it.

“PGP” or “GPG” is a protocol and a set of software that allows people to encrypt messages to one another. It also allows people to “sign” messages so other people who use PGP software can tell — with 100% certainty — that the email actually comes from the sender (it hasn't been forged) and that the message arrived without being edited while in transit. You can learn more at the following links:

PGP Key Transition

Please note that between September 2018 and June 2019 I am in the migrating from my previous keys of 0x6E0E9923 and 0xFC6562F6 to the hardware-only keys listed below

0xDFD760C4 [nistp512]

0xDFD760C4 is my ECC key, only compatible with GnuPG 2.1. I consider this my main key, though you may use 0x4A0D9711 below if this key doesn't work. This key is signed by my two previous keys, 0x6E0E9923 and 0xFC6562F6. This key is on Keybase and is available on most keyservers. The "full" key fingerprint is E93C 2D59 372F 3710 9B30 2EBD 916F BC3F DFD7 60C4.

The key was generated directly on a NitroKey Pro 2 and the private keys exist only on the device hardware. (Yes yes, I know, NIST curves are suboptimal. ed25519, which I would have chosen, is unsupported in the hardware I acquired. In a few years, I'll probably replace this by a hardware-backed ECC key with a safe, modern curve.)

The key expires on a scheduled basis (next: February 1, 2020) and will be refreshed within six months of the expiration date; if your computer says it's expired, try refreshing it or try downloading it from here again.

0x4A0D9711 [rsa2048]

0x4A0D9711 is my rsa2048 key, compatible with all implementations of PGP/GnuPG. It mostly exists for compatibility with folks that can't use ECC keys. As above, it's signed by my old keys (0x6E0E9923 and 0xFC6562F6) and can be found on keyservers. The "full" key fingerprint is FD3B BBED 1E20 7772 880A F6D0 62BF 065C 4A0D 9711.

Like the above key, the private keys exist only in hardware; this key was generated directly on a YubiKey NEO. This key follows the same expiration/renewal schedule as the above key.

Old: 0x6E0E9923 [deprecated rsa8192]

0x6E0E9923 was my previous main PGP key. It is the key listed on most of my business cards printed before September 2018. The identity key is an rsa8192 key and the active signing and encryption keys are rsa4096 keys. This key is also available on most keyservers. The "full" key fingerprint is 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923.

The key expires on a scheduled basis — the next expiration is: June 30, 2019. As this key is deprecated, I will not be renewing it beyond this date.

Old: 0xFC6562F6 [deprecated ed25519]

0xFC6562F6 was my previous ECC PGP key, only compatible with GnuPG 2.1+. (It was rarely used and can be ignored in most contexts.) The "full" key fingerprint is C7F8 ABA9 4110 DBA8 AB99 EBBA CA58 C8E5 FC65 62F6.This key will also expire on June 30, 2019.

Key Signing Policy

PGP key signing policies are hopelessly pedantic and basically unenforcable on the real-world internet. But if you really care:

Mike Tigas [web] [twitter]