About PGP

How do I know I can trust your key?

There are a few ways to confirm where an email came from but checking the sender address isn't a reliable way to check. Signing emails with a PGP key can be a good way to verify an emails source but it isn't as simple as receiving a signed email.

Once you have verified that the key used to sign the email belongs to me, you can trust that any message signed with the key originated from me.

You can check if the key is mine in several ways.

Once you've established that you can trust the key you can sign it with your key.

View my key history and download my current PGP key here.

What do you do to keep your key secure?

I'm going to provide instructions, showing how I create and manage my keys and showing how you can do the same if you wish.

Creation

To create your key run the following commands.

gpg --generate-key