SORRY! UNDER CONSTRUCTION!
You can change the end of this URL from .php to .txt to view a signed plain-text copy of this policy.
This is my policy statement for the following GPG keys:
Used for key-signing:
pub 4096R/8B2E508B 2017-01-22 [verfällt: 2018-01-22]
uid Harald Niemeczek (offline long-term identity key)
uid Harald Niemeczek
pub 4096R/68A0EF1D 2016-10-12
uid Harald Niemeczek <h****d@niemeczek.at>
uid Harald Niemeczek (*******) <e*******@student.tuwien.ac.at>
uid Harald Niemeczek <deb_mailinglist@niemeczek.at>
uid Harald Niemeczek <support@debianadmin.net>
uid Harald Niemeczek <d******a@niemeczek.at>
uid Harald Niemeczek <******.*****@gmail.com>
uid Harald Niemeczek (Jabber-Account) <h***m@jabber.at>
uid [jpeg image of size 47390]
uid Harald Niemeczek <******.*********@tuwien.ac.at>
uid Harald Niemeczek <p********r@niemeczek.at>
uid Harald Niemeczek <*****@niemeczek.at>
uid Harald Niemeczek <a***e@niemeczek.at>
uid Harald Niemeczek <s******y@niemeczek.at>
uid Harald Niemeczek <h********r@niemeczek.at>
uid Harald Niemeczek <w*******r@niemeczek.at>
uid Harald Niemeczek <i**o@niemeczek.at>
uid Harald Niemeczek <o****e@niemeczek.at>
uid Harald Niemeczek <k*****t@niemeczek.at>
sub 4096R/06EC4A8C 2016-10-12 [verfällt: 2017-10-12]
sub 4096R/0B9D6722 2016-10-12 [verfällt: 2017-10-12]
sub 4096R/94723897 2016-10-12
Some mail addresses are hidden for privacy and spam-protection reasons.
My offline long term identity key is an offline key, stored only on a USB stick
kept encrypted and password protected in a secret place. There is an encrypted backup that is kept in a secure place, too.
The pass-phrase on the key consists of more than ten random characters chosen from among the 96 printable ASCII characters.
When I need to use this key, I boot a Tails live system that is only used for handling GPG keys on a PC with no network connection.
Tails uses encrypted storage, from which the keys are loaded. Any data that needs to be signed or worked with is stored on my PC's hard drive, accessed via Tails.
The offline long term identity key will be used to:
The offline long term identity key does not expire. I will revoke it if I have a specific reason to believe that it has been compromised.
My key for everyday use is separated into the primary key and two sub-keys.
The primary key was kept on my PC for a long time and is now kept with the offline long term identity key.
The subkeys are used for everyday encryption and stored on my PC and my mobile phone as well as in a few encrypted backups.
I also have a Tails system with the keys available in the encrypted storage in case I need to work on a PC that is not my own.
The subkeys expire every year; the primary key expires every five years.
I will revoke them in the event that a non-encrypted key is lost or stolen, if any vulnerability is discovered that could allow a
host device to extract keys from it, if I discover a forged or unauthorised signature, or if the key has become insecure in another way.
I am ready to sign keys belonging to ...
Certifying signatures from my offline long term identity key carry the following semantics:
RFC 4880
The issuer of this certification has done substantial verification of the claim of identity.
RFC 4880
The issuer of this certification has done some casual verification of the claim of identity.
Either:
-or-:
This person would otherwise qualify for positive certification, but I have done something slightly ad-hoc to verify his/her fingerprint,
such as receiving it over an OTR chat session after previously having verified his/her OTR fingerprint in person.
RFC 4880
The issuer of this certification has not done any verification of the claim that the owner of this key is the User ID specified.
I have never used this certification type, but may use it to certify a key belonging to someone with a widely-recognised pseudonym.
Such a signature would assert my belief that the person who controls that key is the same person whose past work is published under
that pseudonym, but would not assert anything in particular about how I justify that belief.
RFC 4880
The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID.
I do not use this signature type.
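The four descriptions quoted above are RFC 4880's definitions of certification signature types 0x13 (positive), 0x12 (casual), 0x11 (persona) and 0x10 (generic). The following added example, which is not part of the original policy, reads `gpg --with-colons --list-sigs` output and reports which level a given signer used on each user ID; the function name, the sample listing and its key IDs are constructed, and the field positions assume GnuPG's colon format (field 5 issuer key ID, field 10 user ID, field 11 signature class).

```python
# RFC 4880 certification types, with the verification level each one asserts.
CERT_LEVELS = {
    0x10: "generic: no particular assertion about verification",
    0x11: "persona: no verification of the identity claim",
    0x12: "casual: some casual verification",
    0x13: "positive: substantial verification",
}

def certifications_by(colon_output, signer_keyid):
    """Return (user_id, sig_type, level, local_only) for every certification
    issued by signer_keyid (long or short key ID), in listing order."""
    signer = signer_keyid.upper()
    current_uid = None
    found = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "uid" and len(fields) > 9:
            current_uid = fields[9]                      # field 10: user ID
        elif fields[0] == "sig" and len(fields) > 10:
            issuer, sig_class = fields[4].upper(), fields[10]
            if not issuer.endswith(signer) or len(sig_class) < 2:
                continue
            sig_type = int(sig_class[:2], 16)            # e.g. "13x" -> 0x13
            if sig_type in CERT_LEVELS:                  # ignore non-certifications
                found.append((current_uid, sig_type, CERT_LEVELS[sig_type],
                              sig_class.endswith("l")))  # 'l' = local-only
    return found

# Constructed sample listing: key IDs, names and timestamps are invented.
SAMPLE = """\
pub:-:4096:1:1111111111111111:1400000000:::-:::scESC:
uid:-::::1400000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
sig:::1:1111111111111111:1400000000::::Alice Example <alice@example.org>:13x:
sig:::1:AAAAAAAAAAAAAAAA:1485100000::::Signer Example:13x:
uid:-::::1400000001::0000000000000000000000000000000000000001::Alice (work) <alice@example.com>:
sig:::1:AAAAAAAAAAAAAAAA:1485100000::::Signer Example:12l:
sig:::1:BBBBBBBBBBBBBBBB:1485200000::::Other Example:10x:
"""

if __name__ == "__main__":
    for uid, sig_type, level, local in certifications_by(SAMPLE, "AAAAAAAAAAAAAAAA"):
        print(f"{uid}: 0x{sig_type:02X} ({level}){' [local-only]' if local else ''}")
```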
After meeting in person, exchanging the key-fingerprints and verifying the identity,
I will sign the keys at home and send them encrypted with the signed key to the
mail address that is written in the main User ID. If the main user ID does not contain a
mail address, the key will be sent to another user ID's mail address.
RFC 4880
0x00: Signature of a binary document.
This means the signer owns it, created it, or certifies that it has not been modified.
0x01: Signature of a canonical text document.
This means the signer owns it, created it, or certifies that it has not been modified.
The signature is calculated over the text data with its line endings converted to.
"... that it has not been modified" will, for instance, be the case for forwarded e-mails.
The absence of my signature implies nothing; I sometimes send unsigned messages.
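As an added example (not part of the original policy), the sketch below computes the SHA-256 digest that a version 4 document signature covers under RFC 4880 section 5.2.4, where type 0x01 converts line endings to CR LF before hashing. It shows why a text signature survives a mail path that rewrites line endings while a binary one does not; the function names, message text and creation time are constructed.

```python
import hashlib
import struct

def canonical_text(data: bytes) -> bytes:
    """Convert LF and CRLF line endings to CRLF, as type 0x01 requires."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")

def v4_document_digest(document: bytes, sig_type: int, hashed_subpackets: bytes,
                       pub_algo: int = 1, hash_algo: int = 8) -> str:
    """Digest of the data a v4 document signature signs.
    pub_algo 1 is RSA and hash_algo 8 is SHA-256 in RFC 4880's registries."""
    if sig_type == 0x01:
        document = canonical_text(document)
    elif sig_type != 0x00:
        raise ValueError("only document signature types 0x00 and 0x01 are handled")
    # Hashed part of the signature packet: version, type, algorithms,
    # two-octet hashed-subpacket length, hashed subpackets.
    hashed = bytes([4, sig_type, pub_algo, hash_algo])
    hashed += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    # Six-octet trailer: 0x04, 0xFF, four-octet length of the hashed part.
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed))
    return hashlib.sha256(document + hashed + trailer).hexdigest()

# Constructed inputs: a creation-time subpacket (type 2) and one message
# as written with LF endings and as relayed with CRLF endings.
CREATED = b"\x05\x02" + struct.pack(">I", 1485043200)
AS_SENT = b"Meet at noon.\nBring the fingerprint slip.\n"
AS_FORWARDED = AS_SENT.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    for sig_type in (0x00, 0x01):
        same = (v4_document_digest(AS_SENT, sig_type, CREATED)
                == v4_document_digest(AS_FORWARDED, sig_type, CREATED))
        print(f"type 0x{sig_type:02X}: digests match after forwarding: {same}")
```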
This Key Signing Policy is based on https://www.dfranke.us/pgp-key-policy.html (©2014 Daniel Fox Franke),
which is licensed under Creative Commons Attribution 4.0 International License.
This Key Signing Policy is also licensed under Creative Commons Attribution 4.0 International License,
with the exception of the upper code-blocks containing my key-data.
Here is a signed text version.
Here is a list of key-signatures I made.
Previous versions of this key signing policy:
There are currently no previous versions.