
My PGP key

This page will help you use gpg to securely exchange messages and files with me.

My key info

Fingerprint: 32A9 EDDE 3609 931E B98C EAC3 1590 7E8E 7BDD 6BFE
URL: https://matthewwild.co.uk/gpg
Statistics: http://pgp.cs.uu.nl/stats/7BDD6BFE.html
Keybase profile: mattj
Previous keys: 0x13F1F1D5

Import my key

You can import my key and signatures from key servers:

gpg --keyserver hkp://subkeys.pgp.net --recv-keys 0x7BDD6BFE

Or directly from me:

curl https://matthewwild.co.uk/gpg | gpg --import
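
Short key IDs such as 0x7BDD6BFE are not unique, so after fetching the key it is worth comparing its full fingerprint with the one listed under "My key info" before importing it. The script below is an added example, not part of the original page; the function names and the key.asc filename are assumptions, and `--show-keys` requires GnuPG 2.2 or later.

```shell
#!/bin/sh
# Added example: verify a downloaded key against the fingerprint on this page.
# Function names and the key file argument are assumptions of this example.
EXPECTED_FPR="32A9 EDDE 3609 931E B98C EAC3 1590 7E8E 7BDD 6BFE"

# Strip spaces and upper-case, matching gpg's machine-readable form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin; print the fingerprint of every
# primary key (the "fpr" record that follows each "pub" record, field 10).
# Subkey fingerprints follow "sub" records and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# full fingerprint equals $1. An empty listing or extra keys fails.
fpr_matches() {
    got=$(primary_fprs)
    [ "$got" = "$(normalize_fpr "$1")" ]
}

# Inspect a key file without importing it, then import it only when the
# fingerprint check passes.
import_verified() {
    keyfile=$1
    if gpg --show-keys --with-colons --with-fingerprint "$keyfile" 2>/dev/null |
        fpr_matches "$EXPECTED_FPR"; then
        gpg --import "$keyfile"
    else
        echo "fingerprint mismatch, not importing: $keyfile" >&2
        return 1
    fi
}

# Usage:
#   curl -o key.asc https://matthewwild.co.uk/gpg && import_verified key.asc
```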

Encrypting a file

To encrypt a file so that only I can open it, run:

gpg -r 0x7BDD6BFE --encrypt-files FILENAME

This will create an encrypted file with the same name but '.gpg' at the end. For example, if you encrypted a file called 'message.txt', the encrypted file will be called 'message.txt.gpg'.

You can then send this file to me over email, or any other system.

Verifying my signature on files

If I send you a file, or publish it somewhere, I may give you a signature file to prove that the file came from me and it has not been modified by anyone else.

To verify the signature, simply run:

gpg --verify SIGNATURE_FILE

Replace SIGNATURE_FILE with the name of the signature file I sent you. The file I signed should be in the same directory so that gpg can find it.

gpg should print out info like this:

gpg: Signature made Mon 12 Jan 2015 19:29:19 GMT using RSA key ID 7BDD6BFE
gpg: Good signature from "Matthew Wild <me@matthewwild.co.uk>"

Verifying signed messages

If I send you a message that is signed, you can verify it in a similar way. I might sign messages that contain important information that you need to be able to trust.

A signed message will look something like this:

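-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello world
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

[signature data]
-----END PGP SIGNATURE-----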

Copy it to your clipboard (i.e. select it, right-click, Copy). Then run:

gpg --verify

Paste the message, and press Ctrl+d. gpg should then tell you the status of the signature:

gpg: Signature made Mon 12 Jan 2015 19:29:19 GMT using RSA key ID 7BDD6BFE
gpg: Good signature from "Matthew Wild <me@matthewwild.co.uk>"

Identity verification

When people with PGP keys meet, they may verify each other's identity and sign each other's PGP key. These people then go on to sign the keys of other people, and it produces a whole network of people who have verified and been verified by other people in the network. This is often known as the "web of trust".

If you have a PGP key, and have signed other people's keys with it, those people may have signed my key, or signed the keys of others who have. Then there will be a path from your key to mine. The shorter the path, the better (fewer individuals you need to trust!), and the more paths the better (more consensus that my key really belongs to me!).

Why is identity verification important? If you use my key to encrypt something to me, you want to know that you actually have my correct key, and not the key of someone wanting to intercept the file. Such a person may try to mislead you, and make you encrypt the file with their key instead. The web of trust helps to prevent such deception by having as many people as possible affirm that the person with a key is who they say they are.

To find paths through the web of trust from your key to mine, enter your short key id below:

Enter your key ID:

(this will take you to an external site)