History
This page was created when I went through all my GPG/PGP keys and decided to start afresh and revoke all my old keys. Since I had several backups of my old keys and I had no idea if any encrypted backup has become lost, I felt the best option was to start again.
Below are all the GPG Keys I've ever used, excluding short-purpose testing ones, and links to the public keys for each.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
The following key is my "Master Signing Key" and is only used for new key creation. At a later date it will also be used for signing keys of others that I have been able to positively identify as both owning the key and verified their true identity. Until then, this key will only be used for signing keys I have created myself. The secret part will never be used on a computer that is not secure and is never stored electronically unencrypted.
pub 2048R/9DE6BB74 2010-03-14 [Copy of 9DE6BB74 Public Key]
Key fingerprint = AE04 BA84 CDC9 6DD4 F2B3 D1EB 4EEB 0C68 9DE6 BB74
uid John Cook (Master Signing Key) <mastersigner@watfordjc.com>
uid John Cook (Master Signing Key) <mastersigner@johncook.co.uk>
sub 2048R/E43E46CD 2010-03-14 [revoked: 2010-03-15]
Note: Sub-Key 2048R/E43E46CD (encryption) has been revoked and not replaced - this key should no longer be used for encryption.
The following keys are in current use and are used for signing and encryption:
pub 2048R/6F84B8B4 2010-03-14 [expires: 2018-08-17] [Copy of 6F84B8B4 Public Key]
Key fingerprint = 8E2B 547F 206C DF25 F530 C1B2 D12D B0AF 6F84 B8B4
uid John Cook <watfordjc@googlemail.com>
sub 2048R/CB6457F5 2010-03-14 [expired: 2011-02-14, revoked: 2011-02-14]
sub 4096R/E17F7D11 2010-03-14 [expired: 2010-06-12, revoked: 2010-07-06]
sub 4096R/4C116641 2010-07-06 [expired: 2010-09-10, revoked: 2010-09-11]
sub 4096R/18E126BC 2010-09-11 [expired: 2010-12-10, revoked: 2010-12-13]
sub 4096R/75E9345B 2010-12-13 [expired: 2011-02-14, revoked: 2011-02-14]
sub 4096R/90FD3123 2011-02-14 [expired: 2011-05-15, revoked: 2011-06-10]
sub 4096R/21917B03 2011-02-14 [expired: 2012-02-14, revoked: 2012-03-08]
sub 4096R/AD34EBA3 2011-06-10 [expired: 2011-08-09, revoked: 2012-03-08]
sub 4096R/E97AC181 2012-03-08 [expired: 2013-02-14, revoked: 2014-02-08]
sub 4096R/75581379 2012-03-08 [expired: 2012-06-07, revoked: 2013-01-20]
sub 4096R/AB1EAC67 2013-01-20 [expired: 2013-05-10, revoked: 2014-02-08]
sub 4096R/B219F35D 2014-02-08 [expired: 2015-02-08, revoked: 2016-08-17]
sub 4096R/46CC2B84 2014-02-08 [expired: 2015-02-08, revoked: 2016-07-17]
sub 4096R/448DDCDE 2016-08-17 [expires: 2017-08-17]
sub 4096R/AF066035 2016-08-17 [expires: 2018-08-17]
pub 2048R/4656E9D2 2010-03-14 [expires: 2018-08-17] [Copy of 4656E9D2 Public Key]
Key fingerprint = 1DDD EFBB F6FF D2E8 2E29 0C45 E841 5C73 4656 E9D2
uid John Cook <john.cook@watfordjc.com> [revoked: 2015-08-07]
uid John Cook <john.cook@johncook.co.uk>
sub 2048R/C1118178 2010-03-14 [expired: 2011-02-14, revoked: 2011-02-14]
sub 4096R/F50675D0 2010-03-14 [expired: 2010-06-12, revoked: 2010-07-07]
sub 4096R/C647D2F0 2010-07-06 [expired: 2010-09-10, revoked: 2010-09-11]
sub 4096R/14B5AA96 2010-09-11 [expired: 2010-12-10, revoked: 2010-12-13]
sub 4096R/BE6316A3 2010-12-13 [expired: 2011-02-14, revoked: 2011-02-14]
sub 4096R/8236DB0E 2011-02-14 [expired: 2011-05-15, revoked: 2011-06-10]
sub 4096R/002C05D6 2011-02-14 [expired: 2012-02-14, revoked: 2012-03-08]
sub 4096R/7A1D635D 2011-06-10 [expired: 2011-08-09, revoked: 2012-03-08]
sub 4096R/DEFA2951 2012-03-08 [expired: 2013-02-14, revoked: 2014-02-08]
sub 4096R/CDCC9F31 2012-03-08 [expired: 2012-06-07, revoked: 2014-02-08]
sub 4096R/A1BE4905 2014-02-08 [expired: 2015-02-08, revoked: 2015-08-07]
sub 4096R/9F99B2DF 2014-02-08 [expired: 2015-02-08, revoked: 2015-08-07]
sub 4096R/8BC51644 2015-08-07 [expired: 2016-08-06, revoked: 2018-08-17]
sub 4096R/09FCAF30 2015-08-07 [expired: 2016-08-06, revoked: 2018-08-17]
sub 4096R/505EAB62 2016-08-17 [expires: 2017-08-17]
sub 4096R/ABAEB9F3 2016-08-17 [expires: 2018-08-17]
pub 2048R/C7F36802 2010-03-14 [expires: 2018-08-17] [Copy of C7F36802 Public Key]
Key fingerprint = AA45 A450 B2FB 8A70 38DF E159 628A E844 C7F3 6802
uid John Cook <john.cook@thejc.me.uk>
sub 2048R/447B5551 2010-03-14 [expired: 2011-02-14, revoked: 2011-02-14]
sub 4096R/237FAC00 2010-03-14 [expired: 2010-06-12, revoked: 2010-07-07]
sub 4096R/C0D46793 2010-07-06 [expired: 2010-09-10, revoked: 2010-09-11]
sub 4096R/92E18A03 2010-09-11 [expired: 2010-12-10, revoked: 2010-12-13]
sub 4096R/2AFF293F 2010-12-13 [expired: 2011-02-14, revoked: 2011-02-14]
sub 4096R/54FE5908 2011-02-14 [expired: 2011-05-15, revoked: 2011-06-10]
sub 4096R/F39E9AAC 2011-02-14 [expired: 2012-02-14, revoked: 2012-03-08]
sub 4096R/5B805229 2011-06-10 [expired: 2011-08-09, revoked: 2012-03-08]
sub 4096R/B0305CC3 2012-03-08 [expired: 2013-02-14, revoked: 2014-02-08]
sub 4096R/E8841F04 2012-03-08 [expired: 2012-06-07, revoked: 2014-02-08]
sub 4096R/EC01B503 2014-02-08 [expired: 2015-02-08, revoked: 2018-08-17]
sub 4096R/B835A335 2014-02-08 [expired: 2015-02-08, revoked: 2018-08-17]
sub 4096R/B93B301D 2016-08-17 [expires: 2017-08-17]
sub 4096R/F7C53491 2016-08-17 [expires: 2018-08-17]
pub 4096R/239C495E 2011-06-10 [expires: 2018-08-17] [Copy of 239C495E Public Key]
uid John Cook (DNS Administrator, WatfordJC.com) <hostmaster@watfordjc.com> [revoked: 2016-08-17]
uid John Cook (DNS Administrator, JohnCook.co.uk) <hostmaster@johncook.co.uk>
sub 4096R/103D19C2 2011-06-11 [expired: 2012-06-10, revoked: 2014-02-08]
sub 4096R/A59BA49E 2011-06-11 [expired: 2011-09-09, revoked: 2014-02-08]
sub 4096R/27E8A64B 2011-09-08 [expired: 2011-12-07, revoked: 2014-02-08]
sub 4096R/E0B1BE6D 2012-03-08 [expired: 2012-06-07, revoked: 2014-02-08]
sub 4096R/499395C3 2014-02-08 [expired: 2015-02-08, revoked: 2016-08-17]
sub 4096R/7493C180 2014-02-08 [expired: 2015-02-08, revoked: 2016-08-17]
sub 4096R/42E65BE2 2016-08-17 [expires: 2017-08-17]
sub 4096R/659BE04E 2016-08-17 [expires: 2018-08-17]
pub 4096R/D6498FBA 2016-08-14 [Copy of D6498FBA Public Key]
Key fingerprint = A9AE 7BD6 99B9 4178 F4B8 9F8C 8C5E 2CC1 D649 8FBA
uid John Cook <package-maintainer-f511-b4f5@johncook.co.uk>
sub 4096R/B7900C8B 2016-08-14
pub 4096R/BBE5DE6F 2016-08-17 [Copy of BBE5DE6F Public Key]
Key fingerprint = B67D 120B DA49 8C2C 6695 9B03 1CBF 612D BBE5 DE6F
uid John Cook <debcoder-f8cc-16ba@johncook.co.uk>
sub 4096R/092B785C 2016-08-17
The following keys have been revoked and are no longer used for signing or encryption:
pub 2048R/71FA3812 2010-03-08 [revoked: 2010-03-14] [Copy of 71FA3812 Public Key]
Key fingerprint = 053B BF88 BADC E341 0346 EDD5 3A4B 2387 71FA 3812
uid John Cook <john.cook@thejc.me.uk>
pub 2048R/43F159F0 2010-03-08 [revoked: 2010-03-14] [Copy of 43F159F0 Public Key]
Key fingerprint = 31CB 4EC3 5A20 6210 600D 3A4D 891D 0ADA 43F1 59F0
uid John Cook <john.cook@watfordjc.com>
pub 1024D/8C4CEBB8 2007-05-29 [revoked: 2010-03-14] [Copy of 8C4CEBB8 Public Key]
Key fingerprint = 47F8 2E3C 871C C4D6 5BC1 8DA4 3262 0277 8C4C EBB8
uid John Cook <john.cook@thejc.me.uk>
pub 1024D/584AED57 2007-05-29 [revoked: 2010-03-08] [Copy of 584AED57 Public Key]
Key fingerprint = BE27 2923 79DA 6B9E CE78 7056 082D 70BA 584A ED57
pub 2048R/C5009D27 2007-05-30 [revoked: 2010-03-08] [Copy of C5009D27 Public Key]
Key fingerprint = 513F 3040 5DD2 FE47 8023 B4EE 752B E201 C500 9D27
pub 1024D/8FCF5FBB 2007-05-29 [revoked: 2010-03-08] [Copy of 8FCF5FBB Public Key]
Key fingerprint = 0BDD 9296 5E61 8161 4EAD 91EE CB4F BE95 8FCF 5FBB
pub 1024D/B6A00510 2007-05-29 [revoked: 2010-03-08] [Copy of B6A00510 Public Key]
Key fingerprint = DEC4 B545 5920 0B0D 6EB2 CD5A 1EEB 17E7 B6A0 0510
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXtI+5AAoJEJLDUlNQXqtiEpYP/0hk2YXyk/e5agK+YmBagdHB U7vL4slSCWRFsqY7WRd3FGUP44dTqHuxw+ZxKk7R2jjCyXOUPWSYgixaDEIIdksk cDcuccqvEDiaapMM+MlWBcmOX4bob7B/Tjk/PsmWor0UxGOXRVzQKJZYUp/MOq5U T8fXnNpi5VsdfaAduw8w9m8qhHDG/uBS8tyro6mkMca+83BEASZ8d+AcFjEh2xoR USA/UEJ/NJN8IsDcLptVFiU4+UxIJdJ+8X16suoUYB9QMRjO1vtK3jNdbu1B4Rvm NaB1YzeTfpmrhLkvP+vL7ZLsnOJGY6MoQBmZCJLduqc36GmdBQqGL6RjV5iF9E2x W5D4bmuEJTrQdSHc7hz7C6eKKKep3O57aw+0VecZ4DWWI26rPOU0MceveuIZFc06 i9JIyJsnN+YSnX/FdkjssNjpH7JeADfJb06N4vfFk9fQWQFQYmhAHLeiAM20bzT7 FB1uSqeIcGXHhFTWGZSjohtrQPbPZB/5iu+HzYmoRTcc0QqhmD8tqg/9PfHmOPQJ 4MBvB4S/oL6vRYHSzILzD8hxVp7KzO0mu9PecyevIFRLTvZq0X0DwATatM359V1C ZRDkNUk6hgSSSyepnlxZxS70fYO6EDKCL5WDU77pLfvf0qD/4gt4IosKVZfRXEiU WhuxN7ndQ3POqbgMJbti =FkgT -----END PGP SIGNATURE-----
Note: PGP Signature is on the HTML-stripped content of the page, not the source code.
Update 2014-08-02: Copying the signed message block to the clipboard in Firefox and Chrome (and presumably those browsers using the same engines) should result in text that passes verification. Internet Explorer and Opera (and presumably those browsers using the same engines) create faulty output (they indent the text).
I have attempted to create a workaround but it didn't work, and I don't particularly want to create a text file that includes e-mail addresses in plain text because it would give spammers an easier time scraping them (html with pre tags also resulted in bad signatures).
Note for future reference: command used to create original list was gpg --fingerprint > keylist.txt
I then searched and replaced all instances of < and > with < and > respectively. I replaced @thejc.me.uk, @watfordjc.com, @googlemail.com, and @johncook.co.uk with @thejc.me.uk, @watfordjc.com, and @googlemail.com, and @johncook.co.uk respectively.
New Key Creation
For creating a new key, I first need to import the private key for my master signing key.
gpg --decrypt '/media/veracrypt1/Backup/Temp/My Keys/Private Keys/Keypairs Armoured/9DE6BB74 - Master Signing Key - mastersigner.watfordjc.com/New -new-email- without encryption/secret-key-9DE6BB74-2011-06.asc.asc' | gpg --import
I then create a new key, and for this I am creating an SSH key for Ubuntu Launchpad to upload to my PPAs and am doing this from within a KVM:
gpg --gen-key
1
4096
2y
y
John Cook
package-maintainer-f511-b4f5@johncook.co.uk
o
passphrase
I then grab the key fingerprint (573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62) and then run it through echo piped to sed to remove the spaces:
echo '573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62' | sed 's/[[:space:]]//g'
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
I need to edit the key:
gpg --edit-key D6498FBA
First, I want to change the preferences so they make security better:
setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
After agreeing to updating the preferences (y
), save
the changes.
After submitting it to the keyservers (gpg --send-key D6498FBA), I can then sign it from my laptop.
gpg --keyserver keys.gnupg.net --recv-key D6498FBA
gpg --fingerprint D6498FBA
gpg -u 9DE6BB74 --ask-cert-level --cert-notation "@comment=This signature certifies same owner for both keys." --sign-key D6498FBA
gpg --keyserver keys.gnupg.net --send-key D6498FBA
Back over on the KVM:
gpg --keyserver keys.gnupg.net --recv-key D6498FBA
gpg --fingerprint --list-options show-notation --list-sigs D6498FBA
Now, I just need to sign my master key with my new key. Because I have modified my UIDs in my master key, the keyservers don't have the latest key yet, so on my laptop...
mount ~/Scripts/mount_PC2-JC.sh
gpg --armour --export 9DE6BB74 > /mnt/home.johncook.co.uk/home/www/var/www/johncook_co_uk/downloads/gpg-keys/9DE6BB74.asc
cp -avr /mnt/home.johncook.co.uk/home/www/var/www/johncook_co_uk/downloads/gpg-keys/* /mnt/home.johncook.co.uk/home/www/var/www/dev_johncook_co_uk/downloads/gpg-keys/
Over on my KVM:
curl 'https://web.johncook.co.uk/downloads/gpg-keys/9DE6BB74.asc' | gpg --import
gpg -u D6498FBA --ask-cert-level --cert-notation "mastersigner@johncook.co.uk=Key with fingerprint 0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 has the same owner as this key" --sign-key mastersigner@johncook.co.uk
n
1
sign
3
y
save
gpg -u D6498FBA -a --export mastersigner@johncook.co.uk
Back over on my laptop, paste the output after typing gpg --import
and then hit enter a couple of times and press CTRL+D.
If I want to do so, upload the key with the new signature.
Having finished with my master signing key, I can now remove the ability for it to sign.
gpg --delete-secret-key mastersigner@johncook.co.uk