With my current OpenPGP key set to expire in the middle of December, I’ve decided to extend its life by changing the expiry date for the primary signing key 0xFEEEFA8F and adding a new encryption subkey that can be used when the existing one expires. The new expiry date for the main signing key as…
Tag Archives: PGP

The “war” over PGP
Recently there have been two very good, and opposing, articles written on the state of Pretty Good Privacy (PGP) and whether or not it is worth using in 2016/2017 and beyond. You can find the original article, “I’m throwing in the towel on PGP, and I work in security”, at Ars Technica here but I’ve reproduced…
Backup your OpenPGP key on paper using paperkey
If you are worried about your hard drive one day crashing and you losing access to your OpenPGP key (and thus the contents of your encrypted e-mails) then you should have been using a backup! That said, an extra archival method of storing your key completely offline would be to use a program called paperkey…
gpg.conf current best practices (April 2015)
While I am by no means a security expert, the following are the current best practices for configuring your gpg.conf file as best as I can determine. Key usage options default-key <your primary key> Use <your primary key> as the default key to sign with. If this option is not used, the default key is…
Test your PGP key for potential problems
As advances in cryptography and technology move forward there is a chance that your once secure system may suddenly be relying on outdated (and perhaps now broken) algorithms or implementations. Some good examples of this in recent memory are the breaking of the MD5 hash algorithm and the constant problems plaguing the RC4 encryption cipher…

Increasing the protection of your stored PGP key
I recently came across a very good (albeit sort of old) post over at Chris Wellons’ null program blog about increasing the default protections on your stored PGP key. The shorthand version is that gpg attempts to protect your PGP key from theft by encrypting it on disk so that if anyone gets access…
Decentralize public PGP keys with pgp.asc
Came across pgp.asc a while back but finally got around to setting it up here. What is pgp.asc? From their website: What is pgp.asc? pgp.asc is an initiative to decentralize public PGP keys, making it easier to get an up to date and authenticated key. Sounds complicated? It isn’t: Just upload your public PGP key…
Force Thunderbird/Enigmail to use a specific signing (hash) algorithm
If you’ve had issues trying to get Thunderbird to send your PGP signed e-mail using anything other than SHA-1 there is a quick and easy fix that will let you pick whichever hash you prefer. 1) Open up Thunderbird’s preferences 2) On the Advanced Tab, under General click Config Editor… 3) In the about:config window…

Is there a safe way to put a PGP key in your Twitter bio?
After reading this I’m still not 100% sure there can ever be a completely “safe” way to do this with Twitter. That said, some ways are certainly better than others… Personally I think the best of the approaches listed is to include the full key fingerprint and then to also periodically tweet the details. At…
Transitioning to a new key
Below you will find my OpenPGP Key Transition notice signaling my intention to migrate from my current key (0x1CD3E3D8) to my new one (0xFEEEFA8F). Note that it is very likely that the software used on this website will render the notice in such a way as to invalidate the signature below. Instead please see the…