Last updated: March 23, 2021
(Key last refreshed on December 30, 2019 with a two-year expiry.)
Before reading this it would probably be worthwhile to note that I’m attempting to move away from PGP; many well-respected cryptographers have voiced their opinions on everything wrong with PGP. People often counter me by mentioning Debian/Ubuntu’s package archive signing or by saying “you should sign your Git commits for authenticity”; I am not Debian/Ubuntu and signing Git commits is not as simple as it sounds. Moving forwards:
- I’ll be using Signal for conversing securely.
- I’ll be using age for encrypting files.
- I’ll be using Starsign for signing files.
- I’ll be using croc for sharing files.
17079536 is my primary PGP key. In can be found mirrored in several places on the web in order to corroborate its legitimacy:
- https://launchpad.net/~chtjonas (listed under ‘OpenPGP keys’)
It can also be found in my DNS zone file, secured with DNSSEC, which enables some of GnuPG’s automatic key location features. Import my key using any of the following commands (PKA support has been deprecated and removed from recent version of GnuPG so if one of these commands doesn’t work for you then try another):
gpg --auto-key-locate pka --locate-keys email@example.com gpg --auto-key-locate dane --locate-keys firstname.lastname@example.org gpg --auto-key-locate wkd --locate-keys email@example.com curl -sS https://id.charliejonas.co.uk/pgp.asc | gpg --import gpg --fetch-keys https://id.charliejonas.co.uk/pgp.asc
You should always check the full key fingerprint to ensure that you have the correct key:
$ gpg --list-keys --fingerprint 17079536 pub rsa4096 2019-12-30 [SC] [expires: 2022-12-29] 8CD7 4A23 73F6 3BCB 63C6 7D53 D380 96FC 1707 9536 uid [ultimate] Charlie Jonas <firstname.lastname@example.org> sub rsa4096 2019-12-30 [E] [expires: 2022-12-29]
The exact output may vary depending on your operating system, client software and trust settings.