GPG

This page provides information about my GPG keys.

I sign my Git commits and software releases with my personal GPG key. This allows anyone to verify that a commit or release was actually made by me.

GPG keys

0xC991E66D062F7FB9

View on MIT keyserver - Download public key

I am actively using this key, as of .
Expires .

0x3A3F16614180CDE6

View on MIT keyserver

Not used as of . Superseded by 0xC991E66D062F7FB9.
Do not trust anything signed with this key after .

Used key servers

I distribute my GPG public keys on the following key servers:

• pgp.mit.edu
• keyserver.ubuntu.com

You can also download my active public key directly from my website: https://joshuasing.dev/gpg.asc

Signing my GPG key

If you would like to sign my GPG key to acknowledge its authenticity, follow these steps:

1. Retrieve my GPG public key from a keyserver:

   gpg --keyserver pgp.mit.edu --recv-keys 0xC991E66D062F7FB9

2. Verify the fingerprint of the retrieved key:

   gpg --fingerprint 0xC991E66D062F7FB9

   The fingerprint should be 4443 6051 2E05 0CAD 7FA0 05D2 C991 E66D 062F 7FB9.

3. Sign the key with your private key (passphrase may be required):

   gpg --sign-key 0xC991E66D062F7FB9

4. Validate your signature:

   gpg --check-sig 0xC991E66D062F7FB9

   Ensure that the “good signature” message is display.

5. After signing the key, encrypt it with my public key (passphrase may be required):

   gpg --armor --export 0xC991E66D062F7FB9 | gpg -se -r 0xC991E66D062F7FB9 > 0xC991E66D062F7FB9.asc.pgp

6. Send the signed and encrypted key file (0xC991E66D062F7FB9.asc.pgp) to me via email: [email protected].

7. Once I receive your email, I will decrypt and import the signed key, then send the key with your signature attached to my used keyservers.