Public PGP Keys
The following is the public key for my public identity via Gmail. To make use of it, you will want to have GnuPG installed.
From March 2019 to October 2021.
This key is used for signing and/or encrypting documents, like email messages or ordinary files. It is also used with GitHub to sign code commits for some projects.
Using My Key
You can download my current PGP key from the key server keys.openpgp.org. If you do not have access to a keyserver, you can download the PGP public key file from this site.
Once you have the key file, run the following command:
$ gpg --import 644CF77829C7C3BB5B868DC896A0664B9D482667.asc
Please feel free to sign my key, if you feel that you’ve verified my identity and that the key is mine. But don’t sign it with an exportable signature.
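One way to check the downloaded file before running the import above, as an added example that is not part of the original page. It assumes the file name is the key's full fingerprint and a GnuPG version that provides --show-keys; the function names are illustrative.

```shell
#!/bin/sh
# Added example: check a downloaded key file before importing it.

# Assumption: the .asc file name above is the key's full fingerprint.
# Confirm the value with the key owner over a separate channel.
EXPECTED_FPR="644CF77829C7C3BB5B868DC896A0664B9D482667"

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key: field 10 of the first "fpr" record after every "pub" record.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# Normalise a fingerprint as people paste it: drop spaces, upper-case.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint is the expected one (a matching subkey does not count).
fpr_matches() {
    fm_want=$(normalise_fpr "$1")
    fm_got=$(primary_fprs)
    [ -n "$fm_want" ] && [ "$fm_got" = "$fm_want" ]
}

# Inspect the file without touching the keyring; import only on a match.
verify_and_import() {
    if gpg --show-keys --with-colons "$1" | fpr_matches "$2"; then
        gpg --import "$1"
    else
        echo "fingerprint mismatch, not importing: $1" >&2
        return 1
    fi
}

# After verifying the owner's identity, certify with a local signature:
#   gpg --lsign-key "$EXPECTED_FPR"
# Usage:
#   verify_and_import "$EXPECTED_FPR.asc" "$EXPECTED_FPR"
```

A local signature made with --lsign-key is marked non-exportable, so it stays in your own keyring.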
Why Use PGP?
PGP (Pretty Good Privacy) allows me to digitally sign, or even encrypt, emails or files. Signed emails or files mean that you can be sure it is I who sent them. Encrypted emails and files mean that only someone using the proper PGP key can decrypt them.
Only someone who can access my computer and then unlock my PGP keyring can sign anything as me. But given that only I know the password for my PGP keyring, it is rather unlikely that my signature will be forged.
I use OpenPGP via GnuPG. On macOS I use GPG Suite via Homebrew (packages gpg, gpg-suite-no-mail, gpg-suite-pinentry).
Other Identities
For my personal identity I use ProtonMail (as well as the excellent ProtonVPN).
The following is my key for work.