This page describes how to retrieve and verify my PGP public key. These instructions are for GnuPG (GPG), but other OpenPGP implementations should work similarly.

I use PGP primarily for signing emails I am sending. You can also use this key to encrypt sensitive email to me.

Details

Type: PGPv4, 4096-bit RSA
Primary UID: Thomas Preissler <thomas@preissler.co.uk>
Fingerprint: BA35 9D78 2002 64B3 6331 4AF5 E383 9138 A11F FD2A

Getting My Key

From a public key server

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-key 0xBA359D78200264B363314AF5E3839138A11FFD2A

From my website

Alternatively, download my public key and import it into GPG:

$ gpg --import 0xBA359D78200264B363314AF5E3839138A11FFD2A.pub.asc 

Verifying My Key

It is important that you verify that the key you downloaded actually belongs to me.

Best Option: Use my Business Card

I am working on implementing this; please bear with me.

Second-Best Option: Use the Debian Keyring (for Debian/Ubuntu users)

I am working on this too; please bear with me.

Weakest Option: Trust this Website

You can verify that the key you downloaded has the same fingerprint as the one listed at the top of this page, provided that this page was served over HTTPS from my domain name. HTTPS provides some assurance that the page has not been altered. However, HTTPS is only as secure as the public certificate authority system. This site also implements HPKP with the "preload" flag, which should improve the security of this site and mitigate that weakness.

To calculate the fingerprint of the key you downloaded:

$ gpg --fingerprint thomas@preissler.co.uk

Make sure the "Key fingerprint" that it outputs matches the fingerprint at the top of this page.
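The comparison in this last step can also be scripted so that the full fingerprint is compared exactly rather than by eye. The following is an added example, not part of the original page: it parses GnuPG's machine-readable `--with-colons` output, and the function names and the `--check` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: check an imported key against the fingerprint on this page.
# Function names and the --check switch are hypothetical, chosen for this sketch.

EXPECTED_FPR='BA35 9D78 2002 64B3 6331 4AF5 E383 9138 A11F FD2A'  # from "Details"
KEY_UID='thomas@preissler.co.uk'

# Strip whitespace and an optional 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin; print each primary key fingerprint.
# Only the fpr record that follows a pub record counts: fpr records after a
# sub record describe subkeys and must not be compared.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Exit 0 only if stdin lists exactly one primary key and its full fingerprint
# equals $1. Exit 2: expected value is not 40 characters (e.g. a short key ID).
# Exit 3: zero or several keys matched, so the result would be ambiguous.
fpr_matches() {
    fm_expected=$(normalize_fpr "$1")
    fm_got=$(primary_fprs)
    [ "${#fm_expected}" -eq 40 ] || return 2
    [ "$(printf '%s\n' "$fm_got" | grep -c .)" -eq 1 ] || return 3
    [ "$(normalize_fpr "$fm_got")" = "$fm_expected" ]
}

# Run as: sh check-key.sh --check   (after importing the key)
if [ "${1:-}" = "--check" ]; then
    if gpg --with-colons --fingerprint "$KEY_UID" | fpr_matches "$EXPECTED_FPR"; then
        echo "OK: fingerprint matches the published one"
    else
        echo "MISMATCH or ambiguous result: do not trust this key" >&2
        exit 1
    fi
fi
```

Exit code 3 covers the case where more than one key in the keyring carries the same email address, which a plain visual check of the first result would miss.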