Encryption & Signing Keys

This is the authoritative reference for my public keys to verify code artifacts and other things I have cryptographically signed.

For encrypted communication, contact me via Signal (user mdekstrand.51).

SSH

I have two primary SSH keys, one for personal computers and another for work computers. When using SSH keys to sign code artifacts, these are the keys I use. They are also logged in my GitHub and Codeberg profiles.

My personal key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPux7cpTpa5b3y7KHePwiQhE6Oe86cMnf88qJmfbSI9z

My university key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqASBDs1aJlssiijt/lQFhHOyptY/AT1RuXLL3OT7/2

PGP

I no longer use PGP for e-mail or communication, for quite a few reasons — see The PGP Problem for an overview of PGP problems and alternatives.

I used to use PGP for signing and encrypting e-mail, file storage, and a few other purposes. I have replaced those uses with more specific appropriate technologies, such as age and Signal. This documents the PGP keys I used to use and their fingerprints.

Expired / Revoked / Obsolete Keys

I have several prior keypairs. Some are expired and/or directly revoked. Others are also obsolete, as I have lost the private key and revocation certificate. I have no reason to believe these keys are compromised — so far as I know, no one else has the private key either — but they should not be used.

7557 2AE7 17ED 2F00 B049 619C B4B3 2975 ADC0 E31A: An old primary key from the last time I was actively using PGP for communication, managed with a smartcard. Expired July 18, 2018. View on keys.gnupg.net. 2C72 9878 7AAE D8B1 5AE2 2565 0909 5304 B705 7427; My old primary personal PGP key, for md@ekstrandom.net. Expired July 20, 2017. View on keys.gnupg.net. 30B2 E071 7C75 3283 C0FD 2935 4D21 D8CF A5EA B602; My Texas State University key, associated with ekstrand@txstate.edu and m_e114@txstate.edu. Expired July 31, 2016. View on keys.gnupg.net. 8E05 369F 566E DF16 73C3 4B4D 7EA4 E178 D33C DFDE; My UMN key, associated with ekstrand@cs.umn.edu and ekstr041@umn.edu. View on keys.gnupg.net F50DA0660B3304364029D5E302774EBD964D9403; Abandoned code-signing key. I no longer have the private key attached to this key.

17E5376C — old personal key for michael@elehack.net. I revoked this key on Jan 1, 2014, to replace it with B7057427 and a new key management regime. View on keys.gnupg.net.
78DBE585 — revoked obsolete personal key
2507F50B — revoked obsolete school key
1869A9D5 — obsolete personal key
A1C7338E — obsolete personal key
C1934DCC — obsolete personal key

Key Signing Policy

I used to have a key signing policy here. I no longer do keysigning except in rare circumstances, so I have removed the policy.