Software

CodesMeta
- CodesHashes
- Keys
- RSS Feed
DMRG++
PsimagLite
SpinGlassSW
FreeFermions
Lanczos++
BetheAnsatz
SpinPhononFermion

Keys

Preliminary

The below write-up assumes some familiarity with GNUPG and git. The use of git pull --verify-signatures requires git version at least 1.8. When GNUPG gpg commands are listed below, they are only meant as hints or starting points.

Step 1: Have you imported my keys before?

Have you imported my public keys before?
☐ Yes. Then Go to Step 6.
☐ No. Then Go to Step 2.

Step 2: Download my public keys

Download the keyID.txt files linked in the table below and listed as valid.

Step3: Import my public keys

gpg --import keyID.txt

where keyID.txt has to be replaced with the files you downloaded in the previous step.

Step 4: Verify my master key

You MUST verify the fingerprint of my master key, and if it matches then you SHOULD sign my master key with your key.

gpg --edit-key C3744A1F30DE79AABF1B7A33CBB8FD57167A6E04 
fpr
(check fingerprint here against table below)
sign

As an alternative, you can trust my key after checking the fingerprint

gpg --edit-key C3744A1F30DE79AABF1B7A33CBB8FD57167A6E04 
fpr
(check fingerprint here against table below)
trust
(ultimate trust)

Step 5: Verify my other keys

You MUST make sure that all my keys other than my master key are signed by my master key.

gpg --check-sigs

Step 6: Using keys to verify my commits

Make sure keys are still valid. See table below.
Re-import expired but valid keys if needed.
Adhere to key usage, as described below.
When pulling do git pull --verify-signatures instead of just git pull.
To verify a given commit git log --show-signature -1

Appendix A: Table of keys

File	Valid	Fingerprint	Usage
167A6E04	2019-06-19	C374 4A1F 30DE 79AA BF1B 7A33 CBB8 FD57 167A 6E04	Certification
805ABC35	2019-06-19	CEA3 9A64 7EC9 6419 C80E 30D8 83AC 8189 805A BC35	Code Signing
F1D9361B	NO, REVOKED		DO NOT USE
41D44F5D	NO, REVOKED		DO NOT USE

Back to step 3 above

Appendix B: Key Usage

Do not trust signatures made with expired keys. If the key is expired but shown as valid in the table above, please re-import it by going to step 6 above.
If a key is marked invalid, the revoked key will be linked in the table above with the revoked date. If so, please import the revoked key immediately.
Do not trust signatures made with revoked keys.
The master key may only be used to verify the other keys
The code signing key may only be used to verify my commits to the codes listed here.
Do not trust usage of keys for purposes not indicated in the above.
I only make commits to codes listed here.