🔐 Keys, Signatures, and Encryption
These are my most commonly used keys for encrypting and signing my work.
I usually sign my git commits with my PGP key.
I typically sign my emails with S/MIME; I can send and receive S/MIME and PGP encrypted email (PGP not available on the phone).
PGP Key
My PGP key is available over Web Key Directory (WKD), common Keyservers, and for download here. I typically use PGP for signing git commits, for encrypted email conversations, and for some other encryption tasks. I do not have access to my PGP key on my phone, so I cannot receive PGP encrypted email on the go. GitHub verifies my commits based on this key; double-check this key with the PGP keys on Github profile I am happy to participate in PGP key signing, even though this is hardly a thing anymore. The PGP public key site explains how I use this key in detail.
pub ed25519/0x09F1850D58C7ABD4 2021-03-22 [C] [expires: 2025-12-31]
Key fingerprint = 1BF4 0D68 8714 93F1 04AC 3387 09F1 850D 58C7 ABD4
uid Jan Philip Bernius <janphilip@bernius.net>
sub cv25519/0x2B5AEA095D0920E3 2021-03-22 [E] [expires: 2023-12-31]
sub ed25519/0xC1E164F61967BFDE 2021-03-22 [S] [expires: 2023-12-31]
💾 Download PGP Key (asc)X.509 Key (S/MIME)
S/MIME is my go-to email encryption format as of the seamless client support (including mobile) and a slightly better adoption than PGP. I am using a X.509 key for email signing and encryption issued by self-signed certificate authority.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:0e:db:a6:91:6f:2e:a2:c0:ce:f0:d1:6f:39:c2:42
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=DE, ST=Bavaria, L=Munich, O=Bernius Trust, CN=B20
Validity
Not Before: Oct 1 02:00:00 2022 GMT
Not After : Feb 1 02:00:00 2026 GMT
Subject: C=DE, ST=Bavaria, L=Munich, O=Dr. Jan Philip Bernius, CN=Dr. Jan Philip Bernius
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage: critical
TLS Web Client Authentication, E-mail Protection
X509v3 Subject Key Identifier:
AE:9D:FA:51:AD:3C:0D:90:7B:C3:D8:66:BB:8B:31:7C:92:BE:D6:42
X509v3 Authority Key Identifier:
CC:18:1F:2B:91:3F:E2:19:08:9B:5E:1B:B3:C8:A0:7A:3A:74:76:04
X509v3 Issuer Alternative Name:
URI:https://code.bernius.net/trust/certificate-authority, email:certmaster@bernius.net
Authority Information Access:
CA Issuers - URI:https://code.bernius.net/trust/certificate-authority/raw/branch/trust/certs/b20.cert.pem
X509v3 CRL Distribution Points:
Full Name:
URI:https://code.bernius.net/trust/certificate-authority/raw/branch/trust/crls/b20.crl
X509v3 Subject Alternative Name:
email:janphilip@bernius.net
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:65:02:31:00:a9:97:07:69:6e:6a:af:d3:75:ac:41:06:d4:
28:07:c9:e9:11:42:f4:78:ea:7b:64:06:a7:ea:0c:1e:ca:e7:
23:c0:50:c6:65:3c:87:ba:93:de:8f:35:44:7d:e0:04:70:02:
30:01:60:66:ed:d6:d3:b5:32:e6:db:09:3e:4d:82:4f:39:b1:
b4:d2:39:f2:e0:6d:ff:fa:a8:83:c2:8d:e0:21:2f:11:1e:38:
0b:a1:e9:8f:f9:ab:4a:f5:c1:6e:54:32:14
💾 Download X.509 Key (pem)SSH Key
I primarily use this key for SSH access. Ocasinally, I use it also for git commit signing (mostly when I do not have access to my PGP key; or when my PGP key is expired). You can verify this key by comparing it with the SSH keys on Github profile.
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICL4W7mpbNIr7qzlHYHsrlzFcOkb02sYj5I6Gr0efKf2 Dr. Jan Philip Bernius <janphilip@bernius.net>💾 Download SSH Key
iMessage Contact Verification Key
My primary instant messenger for personal matters is iMessage.
I have iMessage Contact Key Verification enabled.
This is my Public Verification Code:
APKTIDj-vUQobNslpnPo5RyOdIdUlB-nx7aZYku09bVot--Tn0ww
Others
While I have accounts and keys for other encryption-enabled tools such as Matrix or XMPP, these channels are an edge case and I do not list these keys here (for now).
I use a different set of keys for Work related content, especially SSH and X.509 keys. My work keys are out of scope for my personal site.