-
Notifications
You must be signed in to change notification settings - Fork 3
/
PGP_policy.txt
112 lines (93 loc) · 5.43 KB
/
PGP_policy.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
==================================================================
OpenPGP key signing policy for Max Hillebrand <max@towardsliberty.com>
Fingerprint: 5722 3FE1 FF39 BB1E 3FEA 6694 0F01 0959 E6C5 120C
Policy URL: https://towardsliberty.com/contact/PGP_policy.txt
Public KEY: https://towardsliberty.com/contact/PGP_Pubkey_MaxHillebrand_0x0F010959E6C5120C.asc
Created: 2021-08-24
==================================================================
INTRO
This document explains my personal policy when signing OpenPGP
keys belonging to others and security precautions taken to
protect to my own key.
SIGNING POLICY
+------+---------------------------------------------------------+
| TYPE | SIGNATURE TYPE AND WHAT IT MEANS |
+------+---------------------------------------------------------+
| sig0 | UNDEFINED Signature type |
| | This type of signature offers no guarantees about the |
| | level of verification. I only certify that I am |
| | reasonably convinced this key is owned by the person, |
| | group, or pseudonym indicated. |
+------+---------------------------------------------------------+
| sig1 | WEAK Signature type |
| | I have signed this key without meeting the person face |
| | to face, but have determined that they are almost |
| | certainly the owner of this key. This signature type |
| | is rarely used, but might indicate that I have verified |
| | the key is owned by a particular project maintainer and |
| | that key was used to sign a unique email to me and |
| | to decrypt a message from me correctly. |
+------+---------------------------------------------------------+
| sig2 | MEDIUM Signature type |
| | I have met this person (or verified in some unambiguous |
| | way for a group key or pseudonym). I may or may not |
| | have checked their government ID. I have checked the |
| | PGP fingerprint. I have also confirmed that they can |
| | decrypt messages sent to the email address listed and |
| | sign messages using this key. |
+------+---------------------------------------------------------+
| sig3 | STRONG Signature type |
| | I have met this person face-to-face and carefully |
| | checked their PGP fingerprint and that the name on this |
| | key ID matches the name on their government ID. I have |
| | also confirmed that they can decrypt messages sent to |
| | the email address listed and sign messages using |
| | this key. If the UID indicates only a pseudonym, a |
| | government ID check might be replaced with equivalent |
| | verification of my choosing, but similar confidence. |
+------+---------------------------------------------------------+
SIGNING PROCEDURE
Key fingerprint and UID is checked according to the policy above.
The user's key is then brought to an air-gapped environment and
appropriate signature is made using the master key (kept offline).
The keys are then brought back to an online system and each sig
is emailed to its respective UID in an encrypted and signed email.
MY KEY
pub rsa4096/0x0F010959E6C5120C 2021-08-24 [C]
Key fingerprint = 5722 3FE1 FF39 BB1E 3FEA 6694 0F01 0959 E6C5 120C
uid [ultimate] Max Hillebrand <max@towardsliberty.com>
sub rsa4096/0x19544EF3C3513C3C 2021-08-24 [S] [expires: 2023-08-24]
sub rsa4096/0x2F3C03B304C6593A 2021-08-24 [E] [expires: 2023-08-24]
sub rsa4096/0xCDA8575A9E62CF9B 2021-08-24 [A] [expires: 2023-08-24]
KEY SECURITY
The master key and its subkeys were generated in an air-gapped,
stateless environment. The master key was then backed up in an
encrypted archive with strong password and stored in such a way
that it cannot be reached from outside the air-gapped environment
except in an emergency (to revoke, etc). The master key archive
has never been opened outside this secure environment.
Subkeys (embedded in a YubiKey device on the air-gapped computer)
are used daily for work, but if lost cannot be extracted from the
Yubikey without advanced lab equipment. The YubiKey is physically
protected and uses a PIN.
In the event of a breach of the YubiKey, subkeys may be revoked
and new subkeys issued without affecting the offline master key.
I maintain a revocation certificate for use in case the master key
is compromised.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEHqxGRakq0durF/DjGVRO88NRPDwFAmEk7RUACgkQGVRO88NR
PDzVGg//eRgHTLVC97j1ROr0ctf7hl5sRujVaAgzheThjRgSS+8eLXsPV+SCyu8a
ZfhBWK5glgcUWdtZzvOnDEIm14ShOWVsfidA0NMTZjPwcjGyztPpfFD6gBKWmtVQ
omGpjZYmYniZesw5u0XYzHXc1sFqDET6e3w5TKBxmFmOBgT0ysQ2/wWtYbudFwK6
e1Vjv/44d+k7qp5gcegfTNFf0RGw866VKMyo7LvsFPvR1wYpBJuexsSsQHAzw6oQ
ZI/f5xGkh5fIzY/jcEokg91E8qSqt2Le0HvAiXb2vUyZqG/7J25kfqa970I7R+0V
HxWBEXtJZ/j4XwBo20C4HhaPrVfPg5rOR7qyVzx1KvycIjp3ARZQMLknPM9RctzU
NAimzIsgVLv7ImWmrbywn0Xo4HvgdfmQLx6HDmh97YX8VGlD7oN9dr6dcC9G7+Ws
C54PGFUBZxOAUqYCRTEQIWSL7PvaeQ7GjjPCow2vsVg5LnV9fjnlz+zBh1Krr7rt
bY1wKX4S3dlklQcGHyuNBmVHQ8ct3pW+7Sv3rzpQxYh9bvFQX+JZjmeg1tfFZvba
3JoHCPIkXFqQ4zovj16QUXzLzni9w8jNY+txgEmEm3U6DtWR5ks0QKaMNiNl9MaY
hELuJgJRTJ/7vEk+Bh5d/DnYCvyllqmaRBnJ/BZlfJZ5E/K90jk=
=PARI
-----END PGP SIGNATURE-----