Keys

Preliminary

The below write-up assumes some familiarity with GNUPG and git. The use of git pull --verify-signatures requires git version at least 1.8. When GNUPG gpg commands are listed below, they are only meant as hints or starting points.

Step 1: Have you imported my keys before?

Have you imported my public keys before?
☐ Yes. Then Go to Step 6.
☐ No. Then Go to Step 2.

Step 2: Download my public keys

Download the keyID.txt files linked in the table below and listed as valid.

Step3: Import my public keys

gpg --import keyID.txt

where keyID.txt has to be replaced with the files you downloaded in the previous step.

Step 4: Verify my master key

You MUST verify the fingerprint of my master key, and if it matches then you SHOULD sign my master key with your key.

gpg --edit-key C3744A1F30DE79AABF1B7A33CBB8FD57167A6E04 
fpr
(check fingerprint here against table below)
sign
As an alternative, you can trust my key after checking the fingerprint
gpg --edit-key C3744A1F30DE79AABF1B7A33CBB8FD57167A6E04 
fpr
(check fingerprint here against table below)
trust
(ultimate trust)

Step 5: Verify my other keys

You MUST make sure that all my keys other than my master key are signed by my master key.

gpg --check-sigs

Step 6: Using keys to verify my commits

Appendix A: Table of keys

File Valid Fingerprint Usage
167A6E04 2019-06-19 C374 4A1F 30DE 79AA BF1B 7A33 CBB8 FD57 167A 6E04 Certification
805ABC35 2019-06-19 CEA3 9A64 7EC9 6419 C80E 30D8 83AC 8189 805A BC35 Code Signing
F1D9361B NO, REVOKED DO NOT USE
41D44F5D NO, REVOKED DO NOT USE

Back to step 3 above

Appendix B: Key Usage