smkent's PGP key and key signatures policy document
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Hash: SHA512

Document version: 2016.09.27 (history)


My PGP public key fingerprint is 0342 C809 99FB 1A06 FD0F 9533 8392 C992 D925 00A9.

The source of this document is signed with that key. Please verify that the signature is still valid. Verification of the current version of this document can be performed using GnuPG:

gpg --recv-keys 0x0342C80999FB1A06FD0F95338392C992D92500A9
wget -O- | gpg --verify

To verify a prior version, replace master in the above URL with the git commit ref corresponding to the version you would like to verify.

Key signing policy

I am willing to sign PGP keys when provided with sufficient proof of identity and private key ownership.

I use the PGP key signature levels are as follows:

  • I do not create new level 0 signatures ("I will not answer"). Existing level 0 signatures predate the existence of this document and indicate that the key owner is well known to me.
  • I do not create level 1 signatures ("I have not checked at all").
  • I create signatures at level 2 ("I have done casual checking") and level 3 ("I have done very careful checking").

See below for how to request a signature. If you request that I sign your key, please be willing to sign my key as well.

I have done very careful checking (Level 3 signature)

  • I am willing to sign your key if you are personally well known to me.
  • I am willing to sign your key if we exchange full PGP key fingerprints and government-issued photo IDs, either in person or via end-to-end encrypted video conference. Acceptable photo IDs are one of a United States passport, state driver license, or state ID card.

To request a level 3 signature, contact me at the e-mail address in my public key.

I have done casual checking (Level 2 signature)

I am willing to sign your key if you provide me with a color scan that includes the following:

  • A government-issued photo ID (United States passport, state driver license, or state ID card). Only your name and the photo are needed to verify your identity, so you may conceal or remove additional personal information if you prefer.
  • A handwritten copy of both your full public key fingerprint and e-mail address.

To request a level 2 signature, send a signed and encrypted e-mail containing the above information to the e-mail address in my public key.

Signature creation and delivery

After meeting the above identity verification requirements, I will individually sign each of the UID(s) corresponding to your identity and e-mail an encrypted copy of your public key for each signed UID to its corresponding e-mail address. You must decrypt the signed key(s), which provides sufficient proof that you control the corresponding private key.

PGP key signatures I create do not expire.

I reserve the right to not sign a particular key or UID at my own discretion.


Document history

This document may be revised at any time. Material changes to my key and/or signing policy are listed here. For all document changes, please see the repository's commit history.

  • 2016.09.27: Initial document published