This repository contains my various public keys as well as related documents. All commits should be signed using my current PGP key. Its validity can be verified using the web of trust, my website and the Debian keyring.
Inspired by Ximin Luo.
Taowa_Munene-Tardif.asc
travelphone.asc
The master key for my main key (Taowa_Munene-Tardif.asc) lives
offline and is manipulated using Tails running from a CD-ROM.
My subkeys live on a security token.
Please avoid sending me encrypted mail. If you must communicate securely with me, Signal or XMPP is much more likely to get you a prompt response.
On occasion you may find a travelphone.asc. This is the key for my
phone while I'm travelling.
I will certify (sign) a User ID when I am reasonably certain that it is controlled by the person or organization named on it. This is generally established by having met a person multiple times in public settings and having been presented with identity documents at some point, but I am willing to and have signed aliases when those using them are recognized under them. The certification will be emailed (or sent by XMPP for Jabber addresses) to the email or JID on the User ID. I do not certify User IDs that do not have an email or JID.
ssh_keys.pub
My primary SSH key is the same as my GPG subkey, and is thus on a security token. The file containing it should be detach-signed.
My backup SSH key is a traditional SSH key. It is stored offline. If
granting me any form of long-term access to a machine, please
add both to authorized_keys.
My OMEMO fingerprints are:
C95D3570 0C9A1D61 E355F6B2 680751B5 7F769D3B F91B9F83 600756EC D08A6362
My portion of my Signal safety numbers is:
31022 88968 06412 09527 43780 76098
It should appear either at the beginning or the end of the safety number shown by the app. Your portion will make up the other half.