This page describes how to retrieve and verify my PGP public key. These instructions are for GnuPG (GPG), but other OpenPGP implementations should work similarly.
I use PGP primarily for signing emails I am sending. You can also use this key to encrypt sensitive email to me.
| Type | PGPv4, 4096-bit RSA |
| Primary UID | Thomas Preissler <firstname.lastname@example.org> |
| Fingerprint | BA35 9D78 2002 64B3 6331 4AF5 E383 9138 A11F FD2A |
$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-key 0xBA359D78200264B363314AF5E3839138A11FFD2A
Alternatively, download my public key and import it into GPG:
$ gpg --import 0xBA359D78200264B363314AF5E3839138A11FFD2A.pub.asc
It is important that you verify that the key you downloaded actually belongs to me.
I am working on implementing this, please bear with me.
I am working on this too, please bear with me.
You can verify that the key you downloaded has the same fingerprint as the one listed at the top of this page, provided that this page was served over HTTPS from my domain name. HTTPS provides some assurance that the page has not been altered. However, HTTPS is only as secure as the public certificate authority system. This site also implements HPKP with the "preload" flag, which should improve the security of this site and mitigate this weakness.
To calculate the fingerprint of the key you downloaded:
$ gpg --fingerprint email@example.com
Make sure the "Key fingerprint" that it outputs matches the fingerprint at the top of this page.
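The same comparison can be scripted so that the key file is inspected before anything is imported. This is an added example, not part of the original page: the function names are hypothetical, and it assumes GnuPG 2.1.23 or later for `--show-keys`.

```shell
#!/bin/sh
# Fingerprint as published at the top of the page.
EXPECTED_FPR="BA35 9D78 2002 64B3 6331 4AF5 E383 9138 A11F FD2A"

# Strip whitespace and an optional 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key: the first "fpr" record after each "pub" record (field 10).
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# full fingerprint equals the expected one (never compare short key IDs).
check_listing() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 2
    [ "$(normalize_fpr "$found")" = "$expected" ]
}

# Inspect the file without touching the keyring; import only on a match.
verify_and_import() {
    if ! gpg --show-keys --with-colons --with-fingerprint "$1" |
        check_listing "$EXPECTED_FPR"; then
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
    gpg --import "$1"
}

# Usage: sh verify-key.sh 0xBA359D78200264B363314AF5E3839138A11FFD2A.pub.asc
if [ "$#" -gt 0 ]; then verify_and_import "$1"; fi
```

A file that bundles a second primary key is rejected as well, since importing it would add a key whose fingerprint was never checked.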