GPG
This page provides information about my GPG keys.
I sign my Git commits and software releases with my personal GPG key. This allows anyone to verify that a commit or release was actually made by me.
GPG keys
0xC991E66D062F7FB9
View on MIT keyserver - Download public key
I am actively using this key, as of .
Expires .
0x3A3F16614180CDE6
Not used as of .
Superseded by 0xC991E66D062F7FB9
.
Do not trust anything signed with this key after .
Used key servers
I distribute my GPG public keys on the following key servers:
You can also download my active public key directly from my website: https://joshuasing.dev/gpg.asc
Signing my GPG key
If you would like to sign my GPG key to acknowledge its authenticity, follow these steps:
-
Retrieve my GPG public key from a keyserver:
gpg --keyserver pgp.mit.edu --recv-keys 0xC991E66D062F7FB9
-
Verify the fingerprint of the retrieved key:
gpg --fingerprint 0xC991E66D062F7FB9
The fingerprint should be
4443 6051 2E05 0CAD 7FA0 05D2 C991 E66D 062F 7FB9
. -
Sign the key with your private key (passphrase may be required):
gpg --sign-key 0xC991E66D062F7FB9
-
Validate your signature:
gpg --check-sig 0xC991E66D062F7FB9
Ensure that the “good signature” message is display.
-
After signing the key, encrypt it with my public key (passphrase may be required):
gpg --armor --export 0xC991E66D062F7FB9 | gpg -se -r 0xC991E66D062F7FB9 > 0xC991E66D062F7FB9.asc.pgp
-
Send the signed and encrypted key file (
0xC991E66D062F7FB9.asc.pgp
) to me via email: [email protected]. -
Once I receive your email, I will decrypt and import the signed key, then send the key with your signature attached to my used keyservers.