OpenPGP Keys Usage and Signing Policy


On this page, I'll try to formalise my handling of OpenPGP keys.

I'm a frequent user of OpenPGP and am in the process of switching my keys from the former standard-strength variants to stronger variants, to cope with the progress in cryptography and computing power.

Key Inventory

My current keys are:

sec   4096R/4687AF4F 2011-11-24
uid                  Toni Mueller 
uid                  Toni Mueller 
uid                  Toni Mueller 
uid                  Toni Mueller (code signing) 
ssb   4096R/2DE1AA9A 2011-11-24

sec   4096R/96563E79 2014-01-26
uid                  Oeko.neT Vertrieb (Verteiler) 
uid                  Toni Müller 
uid                  Antonius Müller (do not use) 
uid                  Toni Müller 
ssb   4096R/1A3AB4A6 2014-01-26

The transition from 75CB1AD2 to 4687AF4F is already complete. The key 96563E79 is new, so here it is in full beauty:

$ gpg  --keyid-format=0xlong   --fingerprint   --list-secret-keys 96563E79 
sec   4096R/0x942882D696563E79 2014-01-26
      Key fingerprint = B213 F65C 0C8D B6F9 9434  E92B 9428 82D6 9656 3E79
uid                            Toni Müller 
uid                            Oeko.neT Vertrieb (Verteiler) 
uid                            Toni Müller 
uid                            Antonius Müller (do not use) 
ssb   4096R/0xB6C2F7CE1A3AB4A6 2014-01-26

My old keys are:

sec   1024D/8419E0DB68BDA342 2000-10-26 [expires: 2015-01-23]
uid                          Toni Mueller 
uid                          Oeko.neT Vertrieb (Vertriebs-Verteiler) 
uid                          Antonius Mueller (mostly unused) 
uid                          Toni Mueller (satisfy NSI) 
ssb   1024g/E03888410B1E8B40 2000-10-26


sec   1024D/7E8114A075CB1AD2 2000-11-02 [expires: 2015-02-22]
uid                          Toni Mueller 
uid                          Toni Mueller 
uid                          Toni Mueller 
ssb   1024g/5D462C25696AD87C 2000-11-02

The old key, 0x7E8114A075CB1AD2, will be phased out during 2012, and an update with an expiry date will be posted. I'll start to use the new key, 0x8A0A48874687AF4F, immediately. The key is already downloadable from the keyservers.

If you signed any of my old keys, please consider signing my new keys, too.

The 0x942882D696563E79 key replaces the key 0x8419E0DB68BDA342 and should be used for any new messages.

Key Usage Policy

I use my keys to encrypt email and chats, and to sign software packages.

The key 4687AF4F is mostly used in free software activity and private communications, and the keys 8419E0DB68BDA342 and 942882D696563E79 are mainly used for work-related stuff, usually in conjunction with my company.

Key Signing Policy

I sign the keys of people whose identity I have made a reasonable attempt at verifying in a plausible way. To prove your identity, I need an official document, like your ID card, which must bear a reasonable resemblance to your key. Like, if your name is "Tim", but your ID card says "Timotheus", I might sign an ID with only "Tim", too.

If you want to keysign with me, but are concerned about network discovery by signature analysis, please request a local signature instead of a normal signature.

I do not sign keys shorter than 2048.
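
The minimum-length rule above can be checked mechanically before signing. The following is an added example, not part of the original page or the author's own tooling: it reads GnuPG --with-colons output and applies the 2048 threshold to each primary key. Sending elliptic-curve keys to manual review instead of failing them on bit length is an assumption, as is the third sample key.

```python
# Added example: apply a "no keys shorter than 2048" rule to GnuPG colon output.
# Field layout per GnuPG doc/DETAILS: 1 = record type, 3 = key length,
# 4 = public-key algorithm id, 5 = long key ID.
MIN_BITS = 2048  # threshold from the signing policy above

# Algorithms whose strength is expressed by modulus size (OpenPGP algorithm ids).
SIZE_BASED = {1: "RSA", 16: "Elgamal", 17: "DSA"}
# Elliptic-curve ids; keeping them out of the bit-length rule is an assumption.
ECC = {18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

# Constructed sample listing. Key IDs, sizes and algorithms of the first two
# keys come from the inventory on this page; all other fields are left empty
# and the third key (AAAA...) is made up for illustration.
SAMPLE = """\
pub:-:4096:1:942882D696563E79::::::::
sub:-:4096:1:B6C2F7CE1A3AB4A6::::::::
pub:-:1024:17:8419E0DB68BDA342::::::::
sub:-:1024:16:E03888410B1E8B40::::::::
pub:-:256:22:AAAAAAAAAAAAAAAA::::::::
"""

def check_keys(colon_listing, min_bits=MIN_BITS):
    """Return (keyid, verdict, reason) for each primary key in the listing."""
    results = []
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] != "pub" or len(fields) < 5:
            continue  # a certification is made on the primary key only
        keyid = fields[4]
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            results.append((keyid, "review", "unparseable length or algorithm"))
            continue
        if algo in SIZE_BASED:
            verdict = "ok" if bits >= min_bits else "refuse"
            results.append((keyid, verdict, f"{SIZE_BASED[algo]} {bits} bits"))
        elif algo in ECC:
            # Curve sizes are not comparable to RSA/DSA sizes: decide by hand.
            results.append((keyid, "review", f"{ECC[algo]} {bits} bits"))
        else:
            results.append((keyid, "review", f"unknown algorithm id {algo}"))
    return results

if __name__ == "__main__":
    for keyid, verdict, reason in check_keys(SAMPLE):
        print(f"{keyid}  {verdict:6}  {reason}")
```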


The next step will be transitioning to subkeys.

This is a work in progress; please be patient and stay tuned.