PGP/GnuPG

(If you already know about PGP and/or GnuPG, please take a look at my key signing policy and exceptions.)

The internet in general is an insecure medium for communication; only completely non-sensitive information should pass over it without some form of encryption.

I use GNU Privacy Guard (aka GnuPG or GPG), which allows me to encrypt, decrypt, cryptographically sign, and verify others' signatures on messages to and from other users of GnuPG or other OpenPGP-compatible programs. If you're a GNU user and have never heard of this, The GNU Privacy Handbook is recommended reading. Windows and Mac users can use GPG, too, but the process is a bit less intuitive; refer to gnupg.org if you're curious.

My public key is posted for your convenience, and here is what its fingerprint data should look like:

pub: 1024D/7885DAFC 2006-07-25
fpr: A0E6 3851 9ABB 112E 7303
     DD91 7A2E 91FB 7885 DAFC
uid: Peter S. May <psmay@halfgeek.org>
uid: Peter S. May <me@psmay.com>

You must not trust the key data posted here without taking precautions. After all, what if my site's been hacked and someone posts bogus key data? If that were to happen, and you blindly used the keys from this site to encrypt a message to me, the attacker would be the one who gets to read it.

Don't be tempted to dismiss this as paranoia. Firstly, it is entirely within the realm of possibility. (Dreamhost's low rates unfortunately don't buy you a lot of security.) Secondly, if you automatically believe whatever is posted on this site as the truth, all the crypto in the world won't help you, so don't bother with it.

Besides, verifying that my public key is actually mine is fairly simple.
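One way to script the check described above, as an added example that is not part of the original page or its author's own tooling: it reads GnuPG's colon-format key listing, extracts the primary key's fingerprint, and compares it with a fingerprint you obtained through a channel other than this site. The function names, the sample listing and the file name are assumptions made for illustration; `--show-keys` needs a reasonably recent GnuPG 2.x.

```shell
#!/bin/sh
# Added example: check a downloaded key's full fingerprint against the value
# you obtained through a channel other than the website serving the key.

# Strip spaces/colons and upper-case a fingerprint as typed or read aloud.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin; print the primary key's
# fingerprint (field 10 of the first "fpr" record after a "pub" record).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1 }
             seen && $1 == "fpr" && !got { f = toupper($10); got = 1 }
             END { print f }'
}

# fpr_matches EXPECTED < listing
# 0 = match, 1 = mismatch, 2 = EXPECTED is not a full 40-hex-digit fingerprint
# (an 8-digit key ID such as 7885DAFC is refused, not compared).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(primary_fpr)
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# Constructed sample of colon-format output for the key described on this
# page (timestamps and flags are illustrative, not taken from the real key).
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:7A2E91FB7885DAFC:1153785600:::-:::scESC:
fpr:::::::::A0E638519ABB112E7303DD917A2E91FB7885DAFC:
uid:-::::1153785600::::Peter S. May <psmay@halfgeek.org>:
EOF
}

# Real use (downloaded-key.asc is a hypothetical file name):
#   gpg --show-keys --with-colons downloaded-key.asc | fpr_matches "FINGERPRINT FROM OTHER CHANNEL"
```

The check only means something if the expected fingerprint did not come from the same place as the key file; import the key only after it exits 0.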

You're welcome to mail me about any questions or curiosities you might have on the subject.