Home » My PGP key

My PGP key

This page will help you use gpg to securely exchange messages and files with me.

My key info

ID 0x7BDD6BFE
Fingerprint 32A9 EDDE 3609 931E B98C EAC3 1590 7E8E 7BDD 6BFE
URL https://matthewwild.co.uk/gpg
Statistics http://pgp.cs.uu.nl/stats/7BDD6BFE.html
Keybase profile mattj
Previous keys 0x13F1F1D5

Import my key

You can import my key and signatures from key servers:

gpg --keyserver hkp://subkeys.pgp.net --recv-keys 0x7BDD6BFE

Or directly from me:

curl https://matthewwild.co.uk/gpg | gpg --import

Encrypting a file

To encrypt a file so that only I can open it, run:

gpg -r 0x7BDD6BFE --encrypt-files FILENAME

This will create an encrypted file with the same name but '.gpg' at the end, i.e. if you encrypted a file called 'message.txt', the encrypted file will be called 'message.txt.gpg'.

You can then send this file to me over email, or any other system.

Verifying my signature on files

If I send you a file, or publish it somewhere, I may give you a signature file to prove that the file came from me and it has not been modified by anyone else.

To verify the signature, simply run:

gpg --verify SIGNATURE_FILE

Replace SIGNATURE_FILE with the name of the signature file I sent you. The file I signed should be in the same directory so that gpg can find it.

gpg should print out info like this:

gpg: Signature made Mon 12 Jan 2015 19:29:19 GMT using RSA key ID 7BDD6BFE
gpg: Good signature from "Matthew Wild <me@matthewwild.co.uk>"

Verifying signed messages

If I send you a message that is signed, you can verify it in a similar way. I might sign messages that contain important information that you need to be able to trust.

A signed message will look something like this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello world
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUtCCPAAoJEBWQfo573Wv+sXAP/2INZ/cQI84SI/AspZDHrs9L
BOm9AbFCc3dfLJsLRrcuSjqpIM5/j9EuqN7dJAOaY93gG+dCosz0rPfELi4cCgPo
DhNzIuaAlJjwrSfxQKfhRzTL2g1mtp/g4x0uHs7VkybFFH4O1yOvmDywappr1ysr
xGTnTCJFt6JRwTQSOR05dc8WFQZ0vUzlVBwUUlK6/8JI7Jem/8eOVxFXKmIVFExP
5FmZsdD7fmlmFawdBcy+e2J/9BypHC8fhyPgpZ0g/8Z7BNLkXuv7PHg+42H1hdAR
fHanxb5yJr2OZeycDvw1L0QZCO2kQfH8K3ld5Fs0h7iONOG2HV/RZEk8j6PAzwaN
39Q+NOHvgmIfc3YB0AHsAWQL9o1+S6byOOi4DVVoog0FrezZlF7LgbmiFLN5892Q
fofZx6Rdlo3HwyJOhUAWmHuhgm9XmgW5S1S76jkxDXSAllupiz/BCOSU0NF8BL3q
TNcbRGZFfQ1Z23cR9BJcI+eeIfzgkh2FbNcY3Nr7CBl7MU14uz52DjkKsWl2qREZ
lXIzWOeR6TZLqtT7eFgL4TF1dCEEpNqFLVb6DuQu74dEQBgedU38NUY+l04KC96Y
NdtIplCKDsvB20E5yymzhXKxIvHrxwcl9ut4+4bkUV44Tk/847cAhSZaUFdymsgj
57hPwz7Z8mXJ7BfE09pD
=mYC2
-----END PGP SIGNATURE-----

Copy it to your clipboard (i.e. select it, right-click, Copy). Then run:

gpg --verify

Paste the message, and press Ctrl+d. gpg should then tell you the status of the signature:

gpg: Signature made Mon 12 Jan 2015 19:29:19 GMT using RSA key ID 7BDD6BFE
gpg: Good signature from "Matthew Wild <me@matthewwild.co.uk>"

Identity verification

When people with PGP keys meet, they may verify each other's identity and sign each other's PGP key. These people then go on to sign the keys of other people, and it produces a whole network of people who have verified and been verified by other people in the network. This is often known as the ”web of trust”.

If you have a PGP key, and have signed other people's key with it, those may have signed my key, or signed the key of others who have. Then there will be a path from your key to mine. The shorter the path, the better (fewer individuals you need to trust!), and the more paths the better (more consensus that my key really belongs to me!).

:?: Why is identity verification important? If you use my key to encrypt something to me, you want to know that you actually have my correct key, and not the key of someone wanting to intercept the file. Such a person may try to mislead you, and make you encrypt the file with their key instead. The web of trust helps to prevent such deception by having as many people affirm that the person with a key is who they say they are.

To find paths through the web of trust from your key to mine, enter your short key id below:

Enter your key ID:

(this will take you to an external site)