Crypto

OpenPGP Key Signing Policy

GnuPG / PGP

Current OpenPGP keys can be downloaded here.
There are also DNS CERT and PKA records in place to allow for lookups.

All keys are also available via SKS keyservers, such as subset.pool.sks-keyservers.net.
You are strongly advised to use subset.pool.sks-keyservers.net, as many other keyservers are broken and do not support modern key types.

Master signing and main key

This OpenPGP key consists of different parts for different purposes.
It consists of the master signing key used to sign other keys (certification). This part is never used on a system with network connectivity.
It also contains subkeys, added at a later point in time, that allow it to be used as the main key for encrypted email communication and for signing all software released on elho.net:

pub   4096R/CF3401A9 2005-02-17
sub   2048R/BFED2D6D 2012-11-13
sub   2048R/BEAD4ABC 2012-11-13
uid                  Elmar Hoffmann <elho@elho.net>
uid                  Elmar Hoffmann <elmar.hoffmann@credativ.de>
      Key fingerprint = 8736 FE21 A2DF DDC9 8E5A  AD73 9579 52D7 CF34 01A9

Jabber key

This OpenPGP key is used for encrypted Jabber communication only:

pub   2048R/9D9CE06E 2010-02-20
uid                  Elmar Hoffmann <elho@jabber.elho.net>
      Key fingerprint = EC9B 77A9 D8D7 CA48 DEB5  0DB0 3541 A014 9D9C E06E

Previous main key

This OpenPGP key was used for encrypted email communication and to sign all software released on elho.net:

pub   1024D/D98502C5 2005-02-17
uid                  Elmar Hoffmann <elho@elho.net>
uid                  Elmar Hoffmann <elmar.hoffmann@credativ.de>
      Key fingerprint = EAD6 5896 4BEE B99D 0B62  89ED 3F10 1691 D985 02C5

It is still valid; however, the master signing key is now used as the main key.

Trust paths

There are trust paths to the keys from the Debian keyring, from the DFN-PCA of the German research network DFN via the CA of the Aachen University of Technology, and from the CA of the German c't magazine.

Revoked keys

pub   2048R/2AD5D135 1998-04-13 [revoked: 2005-01-31]
uid                            Elmar Hoffmann <elho@elho.net>
uid                            Elmar Hoffmann <elho@gmx.net>
     Key fingerprint = 91 08 82 04 C5 53 89 AB  12 7D 3B 55 48 0F 25 29
pub   1024D/5413E94F 2002-01-28 [revoked: 2005-01-31]
uid                            Elmar Hoffmann <elho@elho.net>
uid                            Elmar Hoffmann <elho@gmx.net>
uid                            Elmar Hoffmann <elmar.hoffmann@credativ.de>
     Key fingerprint = 7F08 AE70 078A 042B 0F52  5F91 3ABA 7F90 5413 E94F

Links

OpenPGP Charter
OpenPGP Message Format (RFC 4880)

GNU Privacy Guard

PGP Tools including caff

Biglumber - key signing coordination (0xD98502C5)

PGP Digital Timestamping Service

SKS Keyservers

Moving keys and subkeys
Using multiple passwords with a single key

nasty GnuPG private key passphrase brute force tool
GPG symcrack GnuPG symmetric encryption passphrase brute force tool

Historic Links

PGP pathfinder and key statistics (0xCF3401A9, 0xD98502C5, Top 1000)

Wotsap - Web of trust statistics and pathfinder (0xCF3401A9, 0xD98502C5)

The Footsie Web of Trust analysis

OpenPGP SDK

SSH

If you need to give me access to an account, use my SSH public key:

Public SSH version 2 Ed25519 key (GnuPG signature)

SSL

All certificates of SSL enabled elho.net servers are signed with the following CA Certificate:

elho.net X.509 CA Certificate (PEM encoded) (GnuPG signature)
elho.net X.509 CA Certificate (DER encoded) (GnuPG signature)