About PGP

Should I trust your key?
How do you keep your keys secure?
How can I create my own keys?

How do I know I can trust your key?

There are a few ways to confirm where an email came from but checking the sender address isn't a reliable way to check. Signing emails with a PGP key can be a good way to verify an emails source but it isn't as simple as receiving a signed email.

Once you have verified that the key used to sign the email belongs to me, you can trust that any message signed with the key originated from me.

You can check if the key is mine in several ways.

If you trust this website, you can trust the key provided here.

If you know my contact details, you can confirm the keys fingerprint with me.

If you do not know me and still need to verify the key, you could video call me and verify the fingerprint and some photo ID.

Once you've established that you can trust the key you can sign it with your key.

View my key history and download my current PGP key here.

What do you do to keep your key secure?

I'm going to provide instructions, showing how I create and manage my keys and showing how you can do the same if you wish.

Creation

To create your key run the following commands.

gpg --generate-key