My full PGP key can be downloaded here. This is my PGP key information:

  • Short Key ID: 0x964C8E61
  • Fingerprint: 0C1A 97B5 330D 653A 4470 1E6D E787 7B8C 964C 8E61
  • Key Algorithm: RSA, 4096

Please note that I recently added an e-mail address to my existing PGP key. This doesn’t change the key fingerprint, and packages signed with my old e-mail address will still be verified, but if you want to verify anything signed with my new e-mail address, you’ll have to update your local public key.

How to import the PGP public key file

Either fetch it from a keyserver:

gpg --keyserver hkp:// --recv-keys E7877B8C964C8E61

Or download it manually:

curl | gpg --import
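After importing by either route, compare the full fingerprint of the key you received with the one listed above, since a short key ID alone is not enough to identify a key. The script below is an added example, not part of the original page; the function names and the sample listing are constructed for illustration, and it parses `gpg --with-colons` output so it can be checked without a keyring.

```shell
#!/bin/sh
# Added example: check an imported key against the fingerprint published on this page.
EXPECTED_FPR='0C1A 97B5 330D 653A 4470 1E6D E787 7B8C 964C 8E61'

# Strip whitespace and uppercase hex so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after a "pub" record.
# Subkey fingerprints (the "fpr" after "sub") are deliberately ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# Succeed only if the listing on stdin has a primary fingerprint equal to $1.
check_key() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$(primary_fpr)")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed sample of colon-format output (dates and the subkey are made up).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:E7877B8C964C8E61:1400000000:::-:::scESC:
fpr:::::::::0C1A97B5330D653A44701E6DE7877B8C964C8E61:
sub:-:4096:1:1111111111111111:1400000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}

# Real use, after importing the key:
#   gpg --with-colons --fingerprint --list-keys E7877B8C964C8E61 | check_key "$EXPECTED_FPR"
if sample_listing | check_key "$EXPECTED_FPR"; then
    echo "fingerprint matches"
else
    echo "FINGERPRINT MISMATCH" >&2
fi
```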

What can you use my PGP key for?

  • To encrypt your message so that only I can read it.
  • To verify a signed Git commit or tag in one of my repositories.
  • To verify a signed package I made.

I’d like to provide more information on these topics soon, either as text on this blog or as a video. However, to be honest, I only know a little about PGP, and my knowledge of PGP fulfills these use cases (signing packages and commits).

Please do NOT sign my PGP key unless we have physically met. This can break the trust in the PGP key itself, as technically you can’t know by just visiting this site that I’m actually who I’m claiming to be. My PGP key hasn’t actually ever been signed yet, mostly because I don’t usually meet people who use PGP – is this thing actually in use?

On a related note, I have a Keybase profile. You can use it to either securely contact me or verify that a social network profile or website claimed as mine is actually mine.