Last Updated: June 12, 2016
(Key last refreshed on June 12, 2016. New subkeys generated on April 24 due to hardware loss on previous subkeys.)
You’re probably here because you either 1) received an email from me with a
signature.asc attachment or a crazy
BEGIN PGP SIGNATURE section at the bottom, or 2) received a business card from me with some PGP information on it
Long story short: “PGP” or “GPG” is a protocol and a set of software that allows people to encrypt messages to one another. It also
allows people to “sign” messages so other people who use PGP software can tell — with 100% certainty — that the email actually comes
from the sender (it hasn't been forged) and that the message arrived without being edited while in transit.
I'm still working on a legitimate “peoples’ guide to PGP”, but here are some links you can look at:
0x6E0E9923 is my primary PGP key — click here to download it. You can corroborate the legitimacy of this key by finding it on other sources, by verifying it with me in another medium, and checking Keybase which contains some key+account ownership proofs via my Twitter, my GitHub, and other online profiles. This key is also available on most keyservers and on my ProPublica staff profile. You should also check the "full" key fingerprint to ensure that you have the correct key:
$ gpg --list-keys --fingerprint --fingerprint 0xA993E7156E0E9923 pub 8192R/0x6E0E9923 2013-07-19 [expires: 2018-01-31] Key fingerprint = 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923 uid Mike Tigas <email@example.com> uid Mike Tigas <firstname.lastname@example.org> uid Mike Tigas <email@example.com> uid Mike Tigas <firstname.lastname@example.org> sub 4096R/0x95DA684A 2016-04-24 Key fingerprint = 1B37 D532 EDD4 869B 1C7B C39A 14B8 78BA 95DA 684A sub 4096R/0x0F20BBD2 2016-04-24 Key fingerprint = 74FD 6CD6 BA44 42A0 0323 1146 3980 AA6B 0F20 BBD2
0x6E0E9923 identity key is stored offline for safety. The current subkeys
0x0F20BBD2 are used for everyday signing and encryption operations.
There are some older subkeys attached to the PGP key, all of which are revoked and no longer used. You may see them, depending on how you are viewing my key:
sub 8192R/0x7E745064 2013-12-24 [revoked: 2015-03-12] Key fingerprint = 0F3B 15DC 3F8A 34CD B9D5 497C ECB8 6729 7E74 5064 sub 8192R/0xE55F7656 2013-07-19 [revoked: 2015-03-12] Key fingerprint = 73E4 3A10 3D21 A962 0E5C 41F0 B09C CE88 E55F 7656 sub 2048R/0x5410F8C4 2015-03-12 [revoked: 2016-04-24] Key fingerprint = A577 FE9F 0CCA 8AC7 2845 A101 8DE8 FCA6 5410 F8C4 sub 2048R/0xA7F9FB72 2015-03-12 [revoked: 2016-04-24] Key fingerprint = DEEF 6A2C 795F 11D0 13E8 B17A 641D 4E3A A7F9 FB72
The key expires on a scheduled basis (next: January 31, 2018) and will be refreshed at some point (no more than six months, and no less than two weeks) before the scheduled expiry date; if you've found that it's expired on your computer, come back here and download it again or refresh it from a keyserver.
If you’re really crazy about this stuff, you can read my key signing policy.
-Mike Tigas [web] [twitter]