pub 1024D/36511111 1999-09-24 Chris X Edwards <pgp@xed.ch>
Key fingerprint = 3B0B 45FF 826A FB7F 2F83 61CE ED56 50BE 3651 1111
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDfqxMURBADL1q3/fN4wix+7dCQD8K+OfajZmX1xBTjmhBZ+MzMzwOyRbF6d 7/VSbkYCmNDg/GcvKKSRawiiIINRlfKxbIvj/t0YrQvyupnRyg/K/JYOoKnsh5ay c+pModd38LA94GsxZ24iexFe+pRbKxhQ1kvoxZjvRstknVKJ3WiqrUNqKwCgpXBh UcrKYgCjLUkY05Wj9S/gajEEAIVcr9PyACYVxNq4o5O9+BWz02PY7Chil6hjCNQz yNJokE8VHVLQdhKzMSlIA6cv914H065s0pRj+/WHub9Dtx676l+FFVVmGVNfH4aX zusEtzRcYNGkjRVXdiLOo7vjGuxS39rcy9pfVfYnNcWrT3s6xuTJChCWOZPa4M/7 p7R3A/4+iOXJmBWhv4fDVQafcgZwDrAAXtsAmRrddsGzxcjOwhk3i024vDUxqVFM CElP+PmLnzj8wFUYHpCHJ55jDDXOOqsQREQcYClrpN28i64iH9RwyZwZGHmosf6G rtQbmlYpg5qRlG8eIYbBAG8mdORAL5vdKAxgtyOJNqVsCn8HV7QiQ2hyaXMgWCBF ZHdhcmRzIDxjaHJpc3hlZEB1c2EubmV0PohVBBMRAgAVBQI36sTFAwsKAwMVAwID FgIBAheAAAoJEO1WUL42URERXzMAnieus2kyQffw6L8ObAI0mGDIWYg6AJ9VXPQ8 zeiDziJwgKlkjj4CwaIgn7kBDQQ36sTUEAQApUM2nMoaQmKn42zfYXX/e8AXlcLk sf+ZVmAiDOj7GoPPvfG+20nHF/zBc8RGx4Un2ULtxInf0wVt1I3cO1LyOsl4ywk9 pDka+iF37L3KKoke8NQ5GzaWlxVypgks6SkaEsThKvjiU27amvqJa43k660+9jDz KUohgYGzW0cSLAsAAwUEAILRGUefdkZROtl54c6fb1QBlck0Ytzo1uLc2tQc6OYg N5M6mXvLRMko1JW4W/ZdMaPmaC4TbCmys2e+t479eb59zTRqO8rbHa/Bg906gdB0 D2WIl878To81GtLKofsoFmYu+9xnSWkzog8H/m+p65y0TRGzvRFbN5uS6Xdi5yNU iEYEGBECAAYFAjfqxNQACgkQ7VZQvjZRERHzWwCfV6YqKQVHT5dxWzAf4WBQrpSg b10AoIbFZsNlHcTLtUtrEgkU7uMBEQTM =bhb1 -----END PGP PUBLIC KEY BLOCK-----
My PGP/GPG notes.
Bruce Schneier has bailed on PGP.
Some people keep the faith.
Back in the real world, XKCD has it right.
NOTE: If you or I feel the need to use PGP/GPG, do not use some lame email client add-on to try to automagically make it all work. Don't use a key server. Use GnuPG on the command line to work directly with the files containing the sensitive documents and the keys.
NOTE: Since I don't believe in the social constructs of key servers or the Web of Trust, all PGP/GPG activities will have to be predicated on establishing trust in public keys directly. Of course, if that is feasible, it is probably easier to just establish a shared secret at that time and forgo asymmetric cryptography. This is especially true given my methodological emphasis on avoiding email clients, which I believe to be categorically useless for enhancing security.
Here are some common scenarios.
To verify that something I sent or published came from me, do the following.
- Obtain confidence that this web page has not been compromised.
- Meet me in person and learn why my PGP fingerprint is distinctive.
- Cut and paste this public key into a text file.
- Using command line gpg, check that the key's fingerprint is correct (as I have specified it).
- Save a copy of the document in question to the file system and run GPG on the file with the verified public key.
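The verification steps above as a command-line sketch. This is an added example, not the author's own script; the file names `xed.asc`, `doc.txt` and `doc.txt.sig` are assumptions, and `--show-keys` requires a current GnuPG 2.x release.

```bash
#!/usr/bin/env bash
# Added example: pin a key by fingerprint, then verify a detached signature.
# File names used in the usage line at the bottom are assumptions.

# Fingerprint as published on this page; confirm it out of band first.
EXPECTED='3B0B 45FF 826A FB7F 2F83 61CE ED56 50BE 3651 1111'

# Strip whitespace and uppercase so fingerprints compare character for character.
normalize_fpr() { printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'; }

# Primary-key fingerprint of a key file, read without importing it anywhere.
key_fpr() {
  gpg --batch --show-keys --with-colons "$1" 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Read gpg --status-fd output on stdin; print the primary-key fingerprint
# (last field of the VALIDSIG line), or nothing if there is no valid signature.
validsig_primary() {
  awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# verify_pinned KEYFILE SIGFILE DOCFILE
verify_pinned() {
  local want got home signer
  want=$(normalize_fpr "$EXPECTED")
  got=$(normalize_fpr "$(key_fpr "$1")")
  [ "$got" = "$want" ] || { echo "fingerprint mismatch: $got" >&2; return 1; }
  # Throwaway keyring holding only the pinned key: no key server, no Web of Trust.
  home=$(mktemp -d) || return 1
  chmod 700 "$home"
  gpg --homedir "$home" --batch --quiet --import "$1" || { rm -rf "$home"; return 1; }
  signer=$(gpg --homedir "$home" --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null |
    validsig_primary)
  rm -rf "$home"
  [ "$signer" = "$want" ] || { echo "no valid signature from pinned key" >&2; return 1; }
  echo "good signature from $signer"
}

# Runs only when called with three arguments, e.g.:
#   ./verify.sh xed.asc doc.txt.sig doc.txt
if [ "$#" -eq 3 ]; then verify_pinned "$@"; fi
```

The check keys on the `VALIDSIG` status line rather than gpg's human-readable output, so a signature from any other key, or a bad signature, fails even if a message is printed.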
To send me something privately, for my eyes only, do the following.
- Obtain confidence that this web page has not been compromised.
- Meet me in person and learn why my PGP fingerprint is distinctive.
- Cut and paste this public key and save it.
- Run command line gpg to encrypt your file using my public key.
- Email me that file as an attachment. Or upload it to Dropbox or Pastebin or get it to me any way you like.
To prove to me that something you sent did in fact come from you, do the following.
- Convey to me in some direct way (in person ideally) your PGP fingerprint or have it on a web site that I trust you to be in control of.
- Send me or host the public key any way you like.
- Sign the sensitive document file with your corresponding private key file using command line gpg.
- Send me or host the signed sensitive document any way you like.
Chris X Edwards © 1999-2017