For a long time now, I’ve been wanting to get more serious about signing and encrypting e-mails with public keys using GnuPG. I remember doing this as an exercise in a computer security course at university, and apparently I had this thought previously as I found another old key of mine uploaded to the key servers of the world. Unfortunately, I lost that key, and even though I had a revocation certificate (that I wrote by hand, bad idea), it didn’t help me (maybe because it was hand-written on paper).
Doing it right
I felt it was time to do it again, and to do it right! I have done the following things so far, please do tell me if something doesn’t make sense:
- Created a new RSA key pair
- Uploaded the public key to both GitHub (for signing commits) and SKS Keyservers (for e-mails, mainly).
- Made backups of the public and private key in the form of QR codes that I printed on regular A4 paper to keep as offline backups, in case I lose the key.
- Generated a revocation certificate that I also printed as a QR code on regular A4 paper to keep offline, in case I ever need to revoke the key.
- Set up Evolution to sign all my e-mails by default using this key.
- Sent an e-mail to foss-gbg suggesting a key-signing party.
I used QREncode to generate the QR codes. After my failure with the old revocation certificate I realized it would be better to have a simple machine-readable format for my backups.
The main thing I need now is to have the key signed (so come to the key-signing party, whenever that
will be), so that it can be used with confidence. My key fingerprint is
1EEF 527E 9341 888C 6D32 61D8 227C A2A2 FF16 BE40. But don’t just take my word for it, make me
prove it to you by meeting up and having me sign something for you!