http:// / pgp_keys.shtml

PGP Keys

I have been using PGP for many years. At first it was just something cool to play with, however I've been building mail servers and computer networks for many years- I know first-hand, exactly how easy it is for ISPs, "hackers", corporations, and governments to read other peoples' email.

And since there is no realistic way to prevent this from happening, it only makes sense to encrypt my emails whenever possible, so that even if they do happen to look at my message (out of the billions of emails which cross the internet every day) they won't be able to read it.

For the past several years I've been using the same PGP key. I have decided to stop using that key, and in fact to revoke it entirely, and create a new key instead.

This is the key I now use on a regular basis:

pub 1024D/9014AD1A 2008-08-03 Key fingerprint = 5AA4 9FD4 D245 7335 18C2 F3D9 8F8D 8C9A 9014 AD1A uid John M. Simpson <> uid John Simpson <> uid John Simpson <> uid [jpeg image of size 5148] uid John Simpson <>

(Note: this key had expired on 2011-08-03, I am still using it so I have updated the key to never expire. If you have a copy of this key and your keyring shows it as expired, please refresh the key by pulling a new copy from one of the public keyservers.)

The older keys are:

Revoked 2008-08-04 pub 1024D/3306FCFB 2002-02-27 John Simpson <> Key fingerprint = 3E71 7105 6DE0 EFA1 00B5 B12D 101F 5173 3306 FCFB uid [image of size 4420] uid John Simpson <> sub 4096g/71CF8D66 2002-02-27

Revoked 2008-08-04 pub 1024D/9EDD51D9 1998-01-05 John Simpson <> Key fingerprint = 47EC DE79 2527 83E9 08DB 7E75 708D 7E9E 9EDD 51D9 uid John Simpson <> uid Thawte Freemail Member <> uid [image of size 4420] uid John Simpson <> sub 2048g/8C0A413C 1998-01-05

Haven't used in years, passphrase unknown. Please don't use this key. pub 1024R/2FB5EDA9 1996-04-06 John Simpson <> Key fingerprint = 8F EA B0 95 6C C4 02 F8 11 1D BE 62 48 09 05 52 uid John Simpson <> uid John Simpson <>

I am trying to get as many other peoples' signatures on my keys as possible, especially since I've just started a new key. If you meet me in person and you also have a PGP key, ask me for one of my PGP Key cards. The idea is this- when I give you the card, I can also show you a more formal ID (like a drivers license) and you can verify that the person handing you the card is actually me. The fingerprints of the keys are printed on the card, so you can verify that the key is in fact the key which I generated, which means you can sign it with confidence that you're signing the right key.

After you sign the key, please send it to one of the servers, and send me an email letting me know that you've signed it.