NOTICE: This project has been abandoned because my Qubes installation broke and I was unable to fix it. The master key has been lost, along with the string that produced the SHA512 hash. My workflow has since changed and is back to having a GPG key announced on Keybase and various other places. I plan to pick up this project later when Qubes OS is mature enough for me to use it on a daily basis.
This contains my GPG key policy and how I deal with certain events. Feel free to clone this repository and verify my signatures.
My current regular key fingerprint is:
33E8 62AE 8952 6EF2 0AF6 E0B9 6642 BA0E D79F D349
My current master key fingerprint is:
9668 99E2 B92F 9DC6 FC2C F99F C9F9 3C8D 6D63 5D2D
My policy file is located at
This repo will be updated with:
policy.md.master.asc containing the clear signature of my master key.
policy.md.regular.asc containing the detached signature of my regular key.
*.ots containing the opentimestamps proof.
Then, when I feel my policy has reached a publishable stage, I will "release" it through signed Git tags. My Git tags will be signed by my regular key because of the one direction rule.
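To check the signature files listed above against the two fingerprints published in this README, the following script (an added example, not part of this repository) pins the signer's fingerprint by reading gpg's machine-readable status output instead of relying on the "Good signature" text. It assumes both public keys are already imported into the local keyring; the function names `signed_by`, `verify_pinned` and `sample_status` are hypothetical, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: accept a signature only if it was made by a pinned fingerprint.
# Fingerprints as published in this README, spaces removed.
REGULAR_FPR=33E862AE89526EF20AF6E0B96642BA0ED79FD349
MASTER_FPR=966899E2B92F9DC6FC2CF99FC9F93C8D6D635D2D

# signed_by FPR: read `gpg --status-fd` output on stdin. Succeed only if a
# VALIDSIG line names FPR as the signing key (field 3) or as its primary key
# (last field) and no bad/expired/revoked status line is present.
signed_by() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !(ok && !bad) }'
}

# verify_pinned FPR GPG-ARGS...: run gpg --verify and check who signed.
verify_pinned() {
    fpr=$1; shift
    gpg --batch --status-fd 1 --verify "$@" 2>/dev/null | signed_by "$fpr"
}

# Constructed sample of gpg status output (user name and dates are made up).
sample_status() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 6642BA0ED79FD349 Example User
[GNUPG:] VALIDSIG $REGULAR_FPR 2018-01-01 1514764800 0 4 0 1 10 00 $REGULAR_FPR
EOF
}

# Verify the real files when run inside a clone; otherwise use the sample.
if [ -f policy.md.regular.asc ] && [ -f policy.md.master.asc ]; then
    verify_pinned "$REGULAR_FPR" policy.md.regular.asc policy.md && echo "regular: OK"
    verify_pinned "$MASTER_FPR" policy.md.master.asc && echo "master: OK"
else
    sample_status | signed_by "$REGULAR_FPR" && echo "sample: pinned fingerprint matches"
fi
```

For the clear-signed file, the signature covers the text inside policy.md.master.asc itself, so compare that text with policy.md separately.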
This README file is intended for policy not important enough to put into policy.md and is likely to change from time to time as I decide what is more secure. Nothing in this file will ever contain anything vital to the security of my key policy and this will mostly consist of logistical notes to anyone who wishes to verify my GPG keys.
Basically I use my master key to sign all my regular keys, which are used in day to day operations. The master key is kept secure in an unnetworked Qubes VM. Read policy.md to learn about the details.
Questions and Contributions
If you like gpg-policy and would like to duplicate it, please be aware that this requires either a few airgapped computers or Qubes OS. Feel free to open up an issue if you have any questions or would like to discuss GPG key policies with me. I'll consider pull requests too if they have sufficient reasoning.