Update key signing policy with information about my master signing key and security

This commit is contained in:
Jesper Hess 2015-02-17 16:12:31 +01:00
parent 73db01d006
commit 5f0662590a
2 changed files with 33 additions and 13 deletions

View file

@ -39,3 +39,13 @@ I generally only sign keys with trust levels 0x12 and 0x13.
* I will sign your key if we cannot meet in person but someone I ultimately trust notifies me that you want a signature, and gives me your key id verbally or in person. * I will sign your key if we cannot meet in person but someone I ultimately trust notifies me that you want a signature, and gives me your key id verbally or in person.
* I will sign your key without meeting in person if I know you very well personally (such as working with you, going to school with you, family etc.) and we can exchange key fingerprints in another fashion such as over the phone. * I will sign your key without meeting in person if I know you very well personally (such as working with you, going to school with you, family etc.) and we can exchange key fingerprints in another fashion such as over the phone.
## My private master key
My private master signing key is only be used for the following purposes:
* Add or revoke UIDs
* Add or revoke subkeys
* Sign other people's keys
My private master key is generated and stored offline on a clean, air-gapped machine that is always booted fresh with the latest version of [Tails](https://tails.boum.org/). The private master key has never and will never be exposed internet and is protected by a long, secure passphrase.

View file

@ -42,19 +42,29 @@ I generally only sign keys with trust levels 0x12 and 0x13.
* I will sign your key if we cannot meet in person but someone I ultimately trust notifies me that you want a signature, and gives me your key id verbally or in person. * I will sign your key if we cannot meet in person but someone I ultimately trust notifies me that you want a signature, and gives me your key id verbally or in person.
* I will sign your key without meeting in person if I know you very well personally (such as working with you, going to school with you, family etc.) and we can exchange key fingerprints in another fashion such as over the phone. * I will sign your key without meeting in person if I know you very well personally (such as working with you, going to school with you, family etc.) and we can exchange key fingerprints in another fashion such as over the phone.
## My private master key
My private master signing key is only be used for the following purposes:
* Add or revoke UIDs
* Add or revoke subkeys
* Sign other people's keys
My private master key is generated and stored offline on a clean, air-gapped machine that is always booted fresh with the latest version of [Tails](https://tails.boum.org/). The private master key has never and will never be exposed internet and is protected by a long, secure passphrase.
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJU4ussAAoJEDUaieQNdj8PlCoP/jFLeGghDgPCoC1KGwT81+Jh iQIcBAEBCgAGBQJU41otAAoJEDUaieQNdj8PZo4QALlrIoTkmCAEk1VJn7t4k8Zu
0K9wbqgXIyXwcIG1xDOf/QFnh+IptJNHBhj2gyNeyuvX3eLIQ7D/QcPs07CRmO8p 9t4rpMCKQywCNwzr7gGnApDoH+XwWfO2xsPnKxmtqwY2RdSPseeDOrP4RCn0mYbF
WcGczj2Ez/LmdslkC6RkwmDplRBF+r/j5jDWUnzA4qYqO8TZJdL+9yXP6W5I2h2Z DHO5Hm2qhkQz9cGR2j2NV0+b4ITfeXkPUnP3WyNqqKfF/3irNV9bBU1kqzr/V2PD
N9F74gSjo1/5GwgWc1qA9KSnQj6cSxStS8irXda/iDH0CX4nZqYS8qIklSLGfuHz PayYWZIaxkvYkRRaLLumklP47oXjaMMcHhrKZCtDukjgG4Yk6efn4mplYIU9Odx/
uWGJg1UD94+tppkkDi4bcrSGybQGaFgmuTO7JyYv1Ahs0NIXz/HEA8rABMmuGlVa LAhDLTnaJgFUgvrfFfznwZUNvD/CIKw40Q74WjH5SknXaVnbLdOhXEmAcfSWeJuc
ucqOTsy3cYSwHiERjlc2SKamn6nagRCU2uma63Wau8O/PN8KBw7CgNBesSESx5Mg D+HInpoi6dvLEWhw4badsyJg0NlBw3Goijt4hRa5x5WqeSAZp0C9BbUAL8kHRywA
C8ReaP8ZcD8PqCqvYsNF9E3juv9kICSYi1KgwcAHulXd216I3V+f9xczvZUF0h4P FJSTNn2Yci9fG12Rmd2JhHeJmf7tF4HGFxwIMtu88vC2+Pt02wD1djlHrJ8cZhX4
xxcDiBlLOoAqcqoEu81iRw2QqDyPr17I+v89/260q7CNmbnLDcQBLWB4jcEYK1eP /byBHYTJqhmFJywT2XjY3JGxILtgMXR/Fx0u/GgfbNKbF9qHIfRU5sGnpgVPMGNQ
gBcnGnkzKML1ZGXR1eBCSX4snPhRJxv6DLvKxqntw98oI3NGR8ug0vGzNsHgB0OH ZLywudhCxQ4VViu1+DbTa70i1/XsWnJxEakU8WfykveoPC8YHCWj9ELci83iJEjL
SAkeJzl7LhJb+5NDzzKKWXdJfXT11kqSJaFP83qOGwZW4a4h9/DeXtoR+lLde3xK ak5rz0DPrrERyZvZEnNSvxuXW4nPulDvv73Uxvqpy+x6OW/qL+yLWBBtPP6Zz7L1
KPDdHuXbScJZrsBJJ1LK14p0UcVfcWkpvseig0gTWfSRxJQ/unlT927KhWmx3oVn sgEtbQNEyZkraikqzyUJ18fGi02Bm/ZKCiZs66BaBArD/qoQyB8L50pIby9bqr8E
YN8td0U76iFeeXogWeBy KoiiZCs4pLjny/CjNj2Y
=RTFG =54zI
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----