Do you want me to sign your key? Here's how to do it:
You better want to sign my key as well!
Meet me somewhere reasonable for tea or a meal and pleasant conversation.
Give me a hard copy of your key's fingerprint and any photo IDs on it.
Let me check two of your identity documents. One of them must have your picture.
Afterwards, when I'm somewhere I think it's safe to certify, I'll sign your key and send it back to you.
Easy enough? If you want more details, you can read all the stuff below.
This policy is valid from 2019-02-01 for all signatures made by the GnuPG key:
pub ed25519/0x1206BA5EDDF2FDF9 2018-04-04 [C] [expires: 2021-05-04] Key fingerprint = F4D7 9338 6981 E0AC A9C4 2787 1206 BA5E DDF2 FDF9 uid [ultimate] Don San Juan Geronimo <firstname.lastname@example.org> uid [ultimate] Don San Juan Geronimo <email@example.com> uid [ultimate] [jpeg image of size 2890] uid [ultimate] Don San Juan Geronimo <firstname.lastname@example.org> sub ed25519/0xDC0A387056744A2B 2018-04-04 [S] [expires: 2021-05-04] Key fingerprint = EE1F 7325 DFBD BCC0 DFD3 6A18 DC0A 3870 5674 4A2B sub ed25519/0xA79673B8333FC968 2018-04-04 [A] [expires: 2021-05-04] Key fingerprint = E7F4 E62F E8D3 8F09 4134 8820 A796 73B8 333F C968 sub cv25519/0xAE4F8CA08CA05195 2018-04-18 [E] [expires: 2021-05-04] Key fingerprint = CA2C 93F4 3CBD 42FD 0518 4839 AE4F 8CA0 8CA0 5195 sub ed25519/0xD792A6A6A54411F8 2018-04-19 [S] [expires: 2021-05-04] Key fingerprint = 275C D5D3 06C1 D005 4AFB 4DF3 D792 A6A6 A544 11F8 sub ed25519/0x96AF810A89F1EF11 2018-04-19 [S] [expires: 2021-05-04] Key fingerprint = 91D2 533F 56A9 2525 1A72 EA87 96AF 810A 89F1 EF11 sub ed25519/0x6CD7758FEC107730 2018-04-19 [A] [expires: 2021-05-04] Key fingerprint = AB7D 7A52 0495 F262 5CAF C2E3 6CD7 758F EC10 7730 sub ed25519/0x5FC7268E77416053 2018-04-19 [S] [expires: 2021-05-04] Key fingerprint = 04DC C5DE 26FE 596F 505D 7A5B 5FC7 268E 7741 6053
The most recent version of this key is available from the URL above, from the key server at hkps.pool.sks-keyservers.net, or from keybase.io/sentamalin.
This policy may be replaced at any time with a new version. If a new version incorporates changes that might affect the strength or perceived strength of the resulting signature, the old version will be linked from the new one.
This OpenPGP Key Signing Policy is signed with the above key and by Keybase. You may download this policy and its PGP signature for reference and verification.
This is Version 4.3, written and signed 2019-02-01. Removed 'themindfulworkflow.com' e-mail.
Version 4.0, written and signed 2018-05-16. Added explanation about temporary revisions in Version Information and Changelog. Changed Levels of Signatures to only use Level 0 for certifying keys and user IDs and Level 3 for self-signatures to generalize potential social graphs. Updated Transition section to signify completion of transition. Minor word edits. Updated key expiration dates.
Version 3.0, written and signed 2018-04-18. Transition to using ECC key as the primary key in use. Added transition section with links to the transition statement. Revoked previous encryption subkey and added on, in this order, an RSA encryption subkey (for compatibility) and a CV25519 encryption subkey (which will be utilized first before the RSA key). Removed key expiration date.
Version 2.0, written and signed 2018-04-14. Transitioned all links from OneDrive to keybase.io. Added 'keybase.io' as an additional place that will count as a publically accessible key server in Prerequisites > Miscellaneous. Changed date formats to include leading zeroes. Added 'About keybase.io' section. Formatted the signing policy to Markdown. Added the image available in both keys. Added 'I will keep this copy for reference' in 'Hardcopy of Fingerprint.' Added 'Thank You For Visiting!' at the end of the document.
Version 1.3, written and signed 2018-04-03. Key fingerprint updated after updating the expiration date. Changed 'It may be replaced...' to 'This policy may be replaced...' to remove ambiguity. Added links to current document and signature to Version Information.
Version 1.2, written and signed 2017-05-07. Key fingerprint updated after revocation of the 'creativityzoo.com' user ID and addition of the 'themindfulworkflow.com' user ID. Location information was updated. Minor word changes.
I have finished my transition from the OpenPGP key with
0xF38DF8734C9BDE48 to the key with ID
0x1206BA5EDDF2FDF9. The previous key has been revoked.
Please refer to my transition statement for more
From Wikipedia: "Keybase is a key directory that maps social media identities to encryption keys (including, but not limited to PGP keys) in a publicly auditable manner. Keybase offers an end-to-end encrypted chat and cloud storage system, called Keybase Chat and the Keybase filesystem respectively. Files placed in the public portion of the filesystem are served from a public endpoint, as well as locally from a filesystem mounted by the Keybase client."
As of 2018-04-13, I have transitioned my OpenPGP Key Signing Policy from OneDrive and themindfulworkflow.com to my Keybase public files. Its feature of identity proofs allow me to prove a link, cryptographically, between my PGP keys, my social media accounts, my website, and my authorized Keybase devices. The system will check the proofs automatically, or you may check the relevant proofs manually. In short, any activity on Keybase can be proved to be done by the account 'sentamalin' on Keybase or any of the proven identity assertions (Twitter, Reddit, Github, Hackernews, Facebook, my website, and any future assertions) provided by the service. Because my PGP keys are also proven on Keybase, signing my keys will not only help build my PGP Web of Trust to prove that this key is owned by me, but will also help assert that I (Don San Juan Geronimo) am 'sentamalin.'
All files dropped into the public portion of Keybase are signed by my one of my authorized device keys. As such, my Signing Policy has been signed by one of my Keybase authorized devices in addition to my PGP keys.
I invite you to create a Keybase account of your own as another complement to your privacy tools. If you create, or already have, an account, please verify my proofs and 'follow' me on Keybase. Following is like taking a signed snapshot of my identity using your private key on Keybase, thus certifying that I am me. Following is not a web of trust; my identity can be proved even if there are no followers. However, more followers means more confidence in my identity.
I currently reside in the western suburbs of Chicago, Illinois, United States. However, as a flight attendant, my profession takes me to various places around the continental United States. As such, the easiest way to meet with me to coordinate key verification would be to contact me via e-mail or Keybase to arrange a meeting.
I utilize two certification levels:
Level 0 (0x10): I will issue this level of signature if I have met the key owner who wishes to obtain a signature to their key from me (hereafter called the "signee") in person and verified their identity according to the procedure below. Photographic UIDs will be signed at this level if I can still remember the signee's face during the act of signing. Only signing UIDs at this level helps mitigate the possibility of leaking detailed social connections.
Level 3 (0x13): This level of signature is reserved only for self signatures.
I do not utilize Level 1 (0x11) or Level 2 (0x12) certification levels.
Keys of CAs are keys owned by a whole organization and not by an individual. Usually the fingerprints of those keys have to be verified by getting them from the corresponding website of the CA and cannot be checked by the Identity Verification procedures described below. If a viable procedure for verifying the 'identity' of a CA's keys is made known to me, I will add procedures for keys of CAs to the Identity Verification section. Until then, I will not sign keys owned by CAs.
The signee must prove their identity to me by way of a national ID card, a driver's license, or a similar identity document. The identity document must feature a photographic picture of the signee. This also implies that the signee's key must feature their real name.
In addition, the signee must provide a secondary form of identification that includes their name, with or without a picture. Acceptable examples include, but are not limited to, a business card, a conference badge, a credit card, or an additional identity document as defined in the last paragraph.
The signee should have prepared a printout of the output
gpg --fingerprint for their key (or the equivalent
command of their OpenPGP client). I will keep this copy
A hand-written sheet featuring the key ID, the fingerprint, and all user IDs the signee wishes to obtain a signature to will also be accepted.
If the signee wishes to obtain a signature to a photographic user ID, the printout should contain the image of that photographic user ID. A printout or photocopy of a photo clearly showing the same person as in the photographic user ID will also be accepted.
The above must take place under reasonable circumstances, i.e. at a calm place, both parties not being in a hurry, etc.
The signee should be willing to cross-sign with me.
At a secure location I will verify the key's fingerprint using the hardcopy of the fingerprint that has been given to me.
After successful fingerprint verification, I will sign all user IDs which I was asked to sign. Each signature is then individually sent to the email address listed in the corresponding user ID, enciphered to the signee's key.
As only the signee can decipher and thus publish the signatures, it is warranted that the email addresses listed in each user ID with a published signature belongs to the signee.
-Don Geronimo, 2019-02-01 012201Z
You Are At: