PGP Keys





I PGP sign each and every piece of mail I send, with the following exceptions:

  • To those who have specifically requested that I do not
  • To pagers (which don't need the extra bits)

Anything else should be PGP signed by my key. If it is not, or if the signature is not valid, send me a copy, and delete it.

I use a variety of keys. I have my DSA Key Signing Key which I use to sign all my PGP keys. This is the only key you need to verify with me, as it is used to sign all other keys.

(I used to use an older pgp2 Key Signing Key, and will continue to sign all my keys with it, but it is deprecated.)

I generate new PGP keys for general use each year. After the creation of these new keys I stop using the old ones and update the old keys to reflect their retired status. After using the new key I will never use the old key -- if you receive something signed by it, same rules as an invalid signature apply.

I welcome encrypted mail. You should always use the key for that given year.

I strongly recommend that you verify my Key-Signing-Key fingerprint with me. If you are lazy, it is below. Note that if you don't verify fingerprints with me there is no chance you'll be given any trust level in my pgp.

I do not copy my keys onto untrusted machines. Thus I create a PGP key at each client for which I do work. These keys are to be used only for the email addresses listed. (e.g. the key for 'bri@example.com' should only be used for communication with me at that address)

New DSA Key-Signing-Key fingerprint:

pub  1024D/5217530F 2003-01-01 Brian Hatch (Key-Signing-Key) 
     Key fingerprint = A1AE F8A0 8571 9624 2004  9DB8 F75E 2F97 5217 530F
sub  2048g/AB6B82C6 2003-01-01

Old RSA/IDEA Key-Signing-Key fingerprint:

pub  2047/8BFD8871 1999/04/09 Brian Hatch Key-Signing-Key
     Key fingerprint =  AF D5 20 46 B4 FC 72 82 0D E6 1F 85 AA 93 34 92

Getting my keys

You've got several options:
  • All my public keys can be found in this directory. Snag them with your browser, and insert them onto your keyring.

  • I put all my keys on the MIT PGP Key Server. Use your normal pgp client to import them automatically.
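
Whichever route the key arrives by, the step that matters is comparing its full fingerprint with the one listed above, since an 8-digit key ID alone can be shared by an unrelated key. The following is an added example, not code from this page's author: it parses a `gpg --fingerprint` style listing and checks it against the two fingerprints printed on this page. The function names and the forged sample listing are constructed for illustration.

```python
import hmac
import re

# Fingerprints copied from the listing on this page, keyed by short key ID.
PINNED = {
    "5217530F": "A1AE F8A0 8571 9624 2004  9DB8 F75E 2F97 5217 530F",
    "8BFD8871": "AF D5 20 46 B4 FC 72 82 0D E6 1F 85 AA 93 34 92",
}
# Constructed sample: a different key that shares the short ID 5217530F.
FORGED_LISTING = """pub  1024D/5217530F 2003-01-01 Brian Hatch (Key-Signing-Key)
     Key fingerprint = 0123 4567 89AB CDEF 0123  4567 89AB CDEF 5217 530F"""

PUB_RE = re.compile(r"^pub\s+\d+[A-Za-z]?/([0-9A-Fa-f]{8})\b")
FPR_RE = re.compile(r"Key fingerprint\s*=\s*([0-9A-Fa-f ]+)$")

def normalize(fpr):
    """Strip spacing and case so differently grouped fingerprints compare equal."""
    return re.sub(r"\s+", "", fpr).upper()

def parse_listing(text):
    """Return {short_key_id: normalized_fingerprint} from a key listing."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = PUB_RE.match(line)
        if m:
            current = m.group(1).upper()
            continue
        m = FPR_RE.search(line)
        if m and current:
            keys[current] = normalize(m.group(1))
            current = None
    return keys

def verify(listing):
    """Map each pinned key ID to 'ok', 'missing' or 'MISMATCH'."""
    found, result = parse_listing(listing), {}
    for key_id, pinned in PINNED.items():
        want, got = normalize(pinned), found.get(key_id)
        if got is None:
            result[key_id] = "missing"
        elif len(got) == 40 and not got.endswith(key_id):
            # A v4 (SHA-1) fingerprint ends with its key ID; a v3 (MD5) one does not.
            result[key_id] = "MISMATCH"
        else:
            same = hmac.compare_digest(got.encode(), want.encode())
            result[key_id] = "ok" if same else "MISMATCH"
    return result
```

`verify(FORGED_LISTING)` reports the look-alike key as a mismatch even though its key ID is identical, which is why the comparison is done on the whole fingerprint.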