Pretty Good PrivacyHow to contact me securely & verify my messages are from me
If you contact me via email, my emails will almost always include an attachment called “signature.asc”. In that file there will be, what looks like, a random string of characters. Don’t worry, this isn’t some kind of secret code, it’s simply a method anyone can use to verify the email received came from me and wasn’t altered on the way.
The technology used here is PGP, or Pretty Good Privacy, and was developed in the early 90s as a method of securing email messages.
If you’re using a compatible email client (I personally use Mozilla Thunderbird with the Enigmail plugin) you can download my public key (see right), and use it to verify the email using the signature.
If privacy is of utter most importance (and your requirements go beyond just needing to verify that a message has come to you unaltered) you can also use PGP to fully encrypt the email contents.
My key uses RSA encryption with a 4096-bit key length.
Using encryption gives peace of mind when it comes to personal information, and when it comes to making data as secure as possible, strong encryption is key. That’s why my key exceeds the NISTs recommendation on key sizes. This means messages signed or encrypted with it should remain safe for 15+ years.
For added security, my key has an expiry date set. This is to ensure if I’m unable to update my key should the worst happen to me, or I’m unable to access my key, there is a fail-safe kill switch. However this does mean that when the key expires messages can no longer be sent. This shouldn’t be a problem however as keys can be updated and sent to the key server to be picked up by others who have the key in their key chain.
My current key expires on 2021-05-11