Public Key Page

Greetings. If you ever need to send me a private message and you want to be reasonably sure that nobody will ever be able to intercept and/or tamper with that message then you can download and install my public key from this page into any OpenPGP compliant program. I recommend gpgp but if you aren't a command-line junkie like me then you can also use the free version of PGP.

I use this key with all my email addresses, but these addresses are not listed in a vain and futile attempt to prevent spammers from getting them.

An FYI about distributing keys in this manner can be read here. You can test if you have imported my key correctly by saving an unaltered copy of this html file (DO NOT CUT AND PASTE!, use the file menu to save the document) and then by downloading this signature file and using any OpenPGP compliant utility to verify the sigature.

It should be noted that even as a gziped file mozilla will attempt to open and display the signature, which is really pretty pointless with binary data. You will need to right click and choose save-as or copy the link and use wget/lynx/links to download the signature if you are using mozilla.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3 (Cygwin)

mQGiBD9faiwRBACS51HBiCbo5UJVrV+8EcoVgJyybD3uFlJE7WC5I0SjEdxMMKie
LyN6wm/BvLNYlz9Nj1dFM0a8UWE8WvasUzNO2uLK8Y5ubE0sbq9VB5+pzY8+K7OE
WcQ4pISt2pUy+6tyUeRGqyJkJl6ZehvxVs0D5C/BKTbX6/yrewHzMtZK1wCgiYJg
8QnG9ONDoiuG6wKpPpJMU10EAJHHnqewniVQKUp0CHCYRf+cMpaA0MNVj4644fav
t04zeITbqz21U486nz822IJIXnlhQn0nIXnZpeJMz5JiB0TFNjmwXjMfSPw8ol0w
xz/YIcaGm3nZc3Ozy54paXh3qqITdVnvE903Rah1DoI5b9TNsDLKP8aDLNkB05qp
FuyWA/486tk6/Z+zkXGEPAO38mKGgvA/qLp+OWiyUuftL8KmCF2f8rWYLqFgOViQ
OAm3SCnhvJDk8+eC9cKktKeNF751u7MGOj+jcedzc7eWEAP6PTCSTAEgoqwbzDOT
TmfFlyBgj2ojbcdaa9/OquS/YCNxjTW3cYgCytzIH4XarE+NWLQrTWF0dCBHcmVn
b3J5IDxtYXR0aGV3LmdyZWdvcnlAc2t5bGVhY2guY29tPohkBBMRAgAkBQI/X2os
AhsDBQkJZgGABgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEPEBVEXhmN958pQAnjV0
85p4VTmJn+U2Xd7v0d9wT78SAJ9AkyqZj6wgUG+9bKNnpypt9wvMf7kCDQQ/X2oz
EAgAsw5+vVOJ/ixs7IPYbqWOipWvvau1nUXe7CfWC0L1FbTe39x3rkbWfLZDKC6c
OGUdvRzZ/KvSDZ1BusD26JtSKSmKC0SmqyjvJu3dkgcNNYEMFvWP4WyutWxFwN9E
kszQLbey3WXIJeaemCAKhg5ISzAom6gatCBwdxFdaIniYWKSznKZO/qxfnCwpK/B
e43z9IbAWLxgqGxpdjBUKi4RuD4r7dTVt1B3CuzPNnxBpOPlKd94sqpR9aUEVh3Z
xhNOmZAitj1FVwxE0Ge6hdUz1LdB9ldbHngRqX9HNkq/Fiz3xw2TDoWv2yzRrSud
D3GSfU+ENI0kwXrMf5Qxgg7/lwADBQgAp1SDz40CIuaBPgPW26Yzb7uLTlhsvsaF
9ssn3C+5F/9z/Q0h9E+tJCW9H7EscxeOhMbNc7TQl8dds2Of3u3PtI5iNdpwC6qf
F145hcZw+WQfGuQUK5InTAb8ZIjdg3OJQQoAKWTu5+pJBx5niHiDKSeLQ/QuQ/KN
6PxgZNZatwAPL06BW/ts4XsejZOj9Q0fsvKlFj766MU+gfNKNfuQXKwWK0yzYpri
drEF5LZb1bdrTdVJ/1BsRkbLBV210ebDpYbdbY7diAVWcE2Rbb+ndSDt4Ms2NQ98
jiMvlAtkAYdA2NX4gpuEl/L1rbPTxhrE0Jn6cNpdFUKpVOCVcUrwEohPBBgRAgAP
BQI/X2ozAhsMBQkJZgGAAAoJEPEBVEXhmN95rPkAni2NrPUi2a36H35rQHwd5V9o
ehqQAJ9u17WeXhQOuP003PkFSrTmSDn1Vg==
=Bndz
-----END PGP PUBLIC KEY BLOCK-----

Man In the Middle

Although it is a non-trival hack (no, not really a crack) it is possible to perform a "man-in-the-middle" attack on a public key distributed in this manner. The way to do it is to intercept this page and to insert a key which is not mine in place of my key, thus tricking you into accepting a false public key instead of my key. Then, a malicious program acting as a proxy between you and me would decrypt the message, save a copy, and then encrypt that message using my public key and forward it to me, with neither you nor I being the wiser. I have signed this entire page to make it just a bit harder to do that. It is still possible, since an attacker could intercept this page, alter it, sign it with the fake key, and then forward the page to you. When you go to retrieve the signature file they would then also need to intercept that request and return the fake signature file. I seriously doubt you have anything to send me that would make this level of interception worth while to anyone. If you are really really paranoid then send me a cleartext message requesting a copy of my signed public key on a cdrom and deposit $2.00 into my paypal account and I'll send it to you that way.