[Jim's Web Nook | GnuPG Keys]
I use GnuPG, the GNU Privacy Guard, to protect private email from potential eavesdroppers. I also use GnuPG to digitally sign email messages, so you can be sure that i actually wrote a message and that the message hasn't been changed between the time i wrote it and the time you received it.
I've written a longer explanation of GnuPG, private email, and digital signatures, where you can read about how (and why) to send me private email.
You ought to use GnuPG if you want to send private or confidential email, or if you want to prevent email messages from being forged. GnuPG is available for Linux, Unix, and Microsoft Windows.
My GnuPG public key is available right here:
Key ID Fingerprint Expiration Primary User ID C6F31FFA 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA 2009-07-14 Jim Knoble <jmknoblepoboxcom>
If you'd like to send me private or confidential email, please encrypt it using this GnuPG public key. You can also use this key to verify a message that i've digitally signed.
I've set my normal GnuPG key (above) to expire after a year. This way, it's less likely that someone will send an important private message to me using an older key that could have been broken.
But, next year, I have to create a new GnuPG key. How do you know that my new key was generated by me and not by someone else trying to take advantage of the expiration window and impersonate me?
Here's how: I have a another GnuPG key (my "master key"), which I use only for signing my normal GnuPG key. When the normal key expires, I create a new normal key and sign it with my master key; this way, you can verify that the new key is also mine.
Any key used for signing messages or encrypting private messages which was created after 2008-07-14 should be signed with the following key-signing key; if not, you should not trust that the key came from me. Furthermore, I do not use my master key for anything else. If you receive a message or document signed with this master key, you should not trust it.
Key ID Fingerprint Expiration Primary User ID EFBB9234 7FD1:1E96:0A93:073E:C6CA::52C2:043B:E45C:EFBB:9234 2010-07-14 Jim Knoble (master key) <jmknoble+keysignjmknoblenet>
I've used the following GnuPG public keys in the past, but they're either expired or revoked (or both):
Key ID Fingerprint Status Primary User ID 4208A309 EDFC:11C0:8A4A:54B5:B4AB::57F4:FECA:475E:4208:A309 superseded on 2008-07-14
by key ID EFBB9234
Jim Knoble (old master key) <jmknoble+keysignpoboxcom> 6F39C2CC 5024:D578:7CF4:5660:7269::F6F3:B919:9307:6F39:C2CC expired on 2007-02-06 Jim Knoble <jmknoblepoboxcom> DD6A76D6 809F:09B9:9686:D035:4AB0::9455:124B:0A62:DD6A:76D6 superseded on 2006-02-07
by key ID 6F39C2CC
Jim Knoble <jmknoblepoboxcom> 13811491 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491 superseded on 2005-03-19
by key ID DD6A76D6
Jim Knoble <jmknoblepoboxcom> E7511718 487A:3EC4:916F:9054:FC86::D7CA:1280:E107:E751:1718 superseded on 2001-04-21
by key ID 13811491
Jim Knoble <jmknoblepoboxcom>
Please don't send private email to me using any of these keys. You may still use them to verify digital signatures, but no messages signed using these keys should have been signed after the date the key is expired or revoked. (If you find a message or document that is signed after the key's expiration or revocation date, please inform me).
[Jim's Web Nook | GnuPG Keys]