PGP Keys for Eric Duncan

I have published my public PGP keys below for my two main email addresses. I have also published my PGP keys in the MIT directory pgp.mit.edu as well that are linked to the same email addresses. If at any time I need to revoke a certificate, it will be revoked there.

I will also be on Dark Mail (if) and when it launches and will update this page with my public key(s) from it as well.

Therefore to keep up with any changes to my PGP and Dark Mail keys, you may want to subscribe to updates of this page at GitHub.

Public Key (copy this chunk to a file)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFPrubYBEAC/z8jhm1lZXfuLrrRLkd0Yk0AlUJcxpfRLsSXEoI6BxTYHDbvr
Ux5R9NROW1FdVE7atL38xHTzzoiiU+1b+DZybO8M4w4SusOzf3rat54mBKsnj/rF
5fZT1tSyYu4vat0fCGmZz2hupf3B6D2uM9/7Jd4BH9G1HYR9t55cGpfuN9gW8nQl
rXiv1Zt///j+kcdyyQKMWMaHgzTdo2MLyvM18CnF38Hqmh/J47fNSMQnIlV8AbOD
8tb4qCc9t5RyrA2+BfGnoFfT9VTYw71BHdVZUF9q/PLSntzMdYxntzUlG5flSiL8
BgSNDAAeNZ7M+7JgJ1GAU4u1sVJtjjmswwMY41MsmG+OhsaTovnkxys5bvGkJUFe
AHJXqukmlUBmRYfHsNZ1Xppqm0BEktSp47Bezh1/8uoASpH+0km5713HPQwrFed9
EBbP5SIeTIRz9GkgqViinYZbQIge/xc3so71jbRo0N16/3bM65AHwu/DcfslCh3R
hlumzTjQxUchF9H5Yh2W63CnsxCENnAM6gtnj+3h4RUOrWgYYn9Tm17dwjfnRfr3
NiTy5eSnhbeSmXtDfkc6NMXDhTnqJ3TjirvrcGxN2LU+qr203YbghI9h2UV3PYfa
2nQjQLaHx/UlzH3Y4B3f4+4nvrO61SMimlVe9re+ioDEyBuMjQPD8zXF4wARAQAB
tC9FcmljIER1bmNhbiAoZWR1bmNhbjkxMSkgPGVkdW5jYW45MTFAZ21haWwuY29t
PokCTgQTAQgAOBYhBHipE+qvgSQVS1ALKlzg+VqlEKqMBQJZTXJbAhsDBQsJCAcC
BhUICQoLAgQWAgMBAh4BAheAAAoJEFzg+VqlEKqMUX8P/2Q4P+/TcZrFoDcJicjR
s+0bIZttgB5FI0QVBXyciDqu0w1Sy0ywHoZSa5WnnYY837wXyiAessYTmn6bG5e4
hbGobfbuq523w5paeO6LYXglopbSKsJ5sbQkvD+VOVipGLWWbPrvQKYCTB2EvN/Y
m1fNK6cShjFFo7tSm4GfD2103IKGesE26XRoUUVhPdqQNeY3NgvSmXGXG2TLsXs0
9fQzlNOJf8qxV3m9uejDMAjAm4WtnprfVthF6RgzWtiXeSsvBJOg8eo1aoBn/gE5
5Zalw+HftD09CunFmjmd14xvB6ClaoXB1h4xfxSxJv5jj18E1/6bxb/wujnn1Sji
TZ7ugTYQnxuHf0UJlnlRPrtSYT3gCi0xGdZTrqTduFCDPz++rP1gMVRuAcuZOXMk
DLUrSY3kGFX5lj1U31qk6/FbZikWZ9RvJ74gxuTV0eLNsZb1TU99cOqGpd85V9wT
WiWH/5yfcmqS7wGvGyU3YQsBygPmON14dmnDppKsmYYj5UdaZn+f7ygi44Oml1bn
PYn73qJ80VHS2CkwE4/MLcVfQpJOkjM0yz7UcarquKuJn97m7KTgLzlmCZ1rdIZR
nLg9AYsBajGStj+VfSRq6D+FzBi+lC1undowgtYxBrBfe/TUky9wAlzrJLzU6tzW
C9xKxyqG2elVMMUpxLzhEGbZtCxFcmljIER1bmNhbiAoZWR1bmNhbjkxMSkgPG1l
QGVkdW5jYW45MTEuY29tPokCPwQTAQIAKQIbAwIeAQIXgAUCU+u6dgoLCQ0IDAcL
CgMCCBUKCQgLAgMBBRYCAwEAAAoJEFzg+VqlEKqM9+8P/1hjl1/5tc/e7InRwiFU
OsKeiWNaAPupSgNyKXplzTIllqUXewLLOdZIzwbR/lgje9f5/bs0GKzIQ8/VtVdV
d+JHjWZss9uQolxnR4uxds8w+ymMoHa9bhX6zwSzlj3ns+ywAk4BaZ4yLmXl9TQo
W2NS9FyPZf9jNeR7+mvnOFPSWRouHm4vO8ePqXCpdkb0aeS6piSsMut1Mg6JRKO0
zsJn8M8PChPY1tR6HLpmEjRCKp/L3EsULhmCPjfGiVOetVOC6hXv68Us1N2D/P5s
IR3MCQO4dJ6lHoL7enwGv7Wr3/couuaI41OJFB+C3eW3a3KPZBZ6FqOo+9Zp043E
t4FtTw2fu9lsDhwPoDEbohX9S/ZRQUZpEfE/kC/0XbQDrgFo3UbhNlu2etfkIpnL
6Fb3PS9eXhmcCPuXMTMM37BLXiV6+0MRodbrK8fsv1eXnNftJvIteN6Z63/ForVt
9jpfV5g802egKrbcfX72M84h7pNCLaoagabT+vbZq5eP9PLWPvT6DS8HyiTGhWSP
f0X6zjBOmPEXGazj3v0rX5uh2r/YqXT7MWVugRJdCAF93zTDEVkWBcqr/kbc/77X
rG4Wn7ajaBi4KkjTfwOX8GcbkZ3WObZg8Ex1JLtwOocqn6YVYxas5t0ORoE8ZSAt
cLhqJC7MCpmpAueYdM7gFMuliQI4BBMBAgAiBQJT67m2AhsDBgsJCAcDAgYVCAIJ
CgsEFgIDAQIeAQIXgAAKCRBc4PlapRCqjF8SD/96uel6yZnEMPfIjD1YHZ0YojWs
dQWs9PbgqATsNg60B9vu8xAWGACLQPuvMBKkxAWz/czlDCCkedk4N6r3Ioa1Jrpq
lM/tHOKUokXoxM2S9sxhoBRMx27jtCjPKnCCDNY1tPKC7n0y8TqR5R3SEc9iHSBe
PqALMAgaPj6qY2UmMtVe+j9X+CoqPt7CKv6MV4Dww+kBev21BgJsNdG1Gn8l1qE4
Tzpo3hfWN9vxiErlblbAkE65PWGnGiG7TrHZFPwINstk9yxf4K4X1kFHzxrOqIg/
EuFpA8rS91lYm7j0Tl0yzDh1hmZBnWHAPtyhe/tIA9fqmkG1sHqbLgutbK/MF2tS
Kl7I63Wwa1m3Hx0o3hwYY3TLHkZfakPZE3sRPBJrfOCxNrMsExr8KgBTKBsczwNa
E0AkMGvdpO1gc1i+gxboBOdHnDvjoc6ZXjcPApqOPq3O/pWrrBuAjwPy8/TMB0eU
RvLEbZJe3zKEQHNe7j5hsf0bDaXqoCDBhXb4NNV8+R97MHOK7Diq2NHBnaoa//pu
OzyB1sp8pl8XdQXjdaMGogs5De59eY9qyZ5ogiQIzMVe7UhU7kDUO/zIgyI2c8b9
417it6CJaatvTKgwQB+pSoA9j7unjhoNF6UjrfaWgnAV2Jy+NBVMHgPpBBpe1GXg
fKmSAFqtZCWov18tr7kCDQRT67m2ARAAujYhBSHO9YMMFVHti/LereYe8YpjGNJX
Ft1aHHOYUKiZBKhshw9yYpqNrHwu8lle+kWZYKmSegiGUcB2J1+lnlxkhe1wmLOU
OpX1frNUAizlYvbfP/wAbc5OQygIuXRhTHyFVb/XsqkWj+U16JcRNOeKPWBrDNkg
MTmwTGxkJFliK/bKoYxjaY/4zuM7hqc7xWXbSXg2jBNTPHvNaJnhIXPPvXpcugTP
+5LYpMMesLrxJXOoXA0qeTPO5wyoWiZliuvU+CDNkcfwupHphj6l/aNJ1pevvJbA
QUiixyXeWt/AHMXIYqw1DzmyD0Zl2/0LVg2rMGZnzYJ8voDbWhqYytUUAuiYRKE3
7h+BeBrLT9Q4zvMyueU2wyXbt2pU667k/a4AcyMoZYnWDogJj46aZBYJnonwd6uZ
iz92aEUidIZwsNdtMDuBTcnh61k9sTbDLCDR8fAZn0uZYU7q9tmnV/fpTWMay0gK
qMt7ZKl4q8J2Sc6iOTKKT91B7+yqR32ofhZ3zlNpfjFJRGfXAR8EZFmLYUmosiO3
NDFDoIvuhgPdJbUdGQt/YX3iZoDpv/DergQpa6dc+2vkrNdZ7Y8QSPsMLTG6QOo6
9wXvp+lDozV8QqMH+rhtYj+9db3UYEbWzJt2hvUeuNdrPKkB/ph/3dF1weWEtTcn
BrpOK1hnsw0AEQEAAYkCHwQYAQIACQUCU+u5tgIbDAAKCRBc4PlapRCqjF65D/4v
1W5tdsQVx06GdavyBj87uHU2YIhgEXOZGcvalr+aWdUGl7EtN8YDtJNJUduXIYOo
oYLYpY++Rs+fqa09qLaU4DuQeuM2vqbW8cMnTnqWiFiuH4WBNUrdjE6rRUdwpLc8
wn7UwILMvOOv6MRcAzgMKpf+WEQ+1IJEW551eOJJes6JLEp31QJgkCD1bWjXTPLy
lBVx7VSLKKro8t+8GmPxRXWKaMAwm/UjIGnu8739ML4/GI5KFs55JdHsB7I6uJ/V
l5V7T4DLZ5CP0F9JO/dLSUjcoBvOQwqB7Z7R8uyX4MCU7a7dzjKdXSAK3Lu/Xyhq
8+MnWU20W+hfZfsXXquP7GDQ3bBeGk7BGRRDs5Usy1ssLNWt7RZHfce8ImmkD3Pn
fVKjdynEv0+mbMeoAhXpT/U/pED36d5vEKQzKLNxmzI1ZzOSet/0W33K3rupQGs+
3w+P6H76ftJtoQiZgyp4uJe3LTaL+xzeaaDm9KJDk1GxbAoyNLYOu4g1yT/qteo9
JJiptBPR6a6ZhdVvdPRhrauFwjzFgLkItzKjj01U2zLHyQYYwtVA7/yFPzchPzW9
FuHjEpiO922+kaprv1QIZb+P0ZMf18y1+Eo9BKczkRpyXcUONvubaVVvhM1+voxm
5We9UAn/JcU9TiyAy3pWplP3j4lJax4ffOwuMdq95w==
=uWjH
-----END PGP PUBLIC KEY BLOCK-----
Verification Fingerprint
1
2
3
4
pub   rsa4096/5CE0F95AA510AA8C 2014-08-13 [SC]
Key fingerprint = 78A9 13EA AF81 2415 4B50  0B2A 5CE0 F95A A510 AA8C
Long Key ID     =                                   5CE0F95AA510AA8C
Short Key ID    =                                           A510AA8C

You can use my public key to send me encrypted messages and files. The fingerprint is used to validate my identity (over video chat, in person, etc).

Verifying Me: Eric Duncan, aka eduncan911

You can use the fingerprints above to verify the PGP key if you trust my website to be an authoritative source.

To verify that my website has not been tampered with, you may review the commit history on GitHub for any updates other than me along with the datetime of the last updates:

https://github.com/eduncan911/eduncan911.github.io/blob/master/keys/index.html

This link shows this actual page you are viewing right now as it is being hosted directly on GitHub Pages (GitHub served you this page, as you are reading it).

Therefore, it can be safe to assume verification of my fingerprint by viewing any tampering or updates to this file in the commit history listed on GitHub.

My GitHub account is protected by two-factor authentication so you can assume that my username/password has not been compromised for an unauthorized update to this page.

GnuPG Tips

I am archiving a list of gpg2 commands I use from time to time for me when setting up new systems, generating new keys, revoking, etc. Feel free to use them as you wish.

Most of these I have sourced from Alan Eliasen and I highly advise you read that link.

Generate a New Key

Generate a PGP Key using GnuPG
1
gpg2 --gen-key

Make sure to pick 4096.

Use Stronger Algorithms Before Posting the Public Key

These sets of commands will change the algorithm used even though GnuPG Version 2 already upgraded it to pretty strong ones. That Version 2 upgrade though doesn’t allow for older weaker encryptions possibly used by other addressees in the same email. Therefore by setting the chain below, we stay compatible with older versions of GnuPG software that uses weaker algorithms by default that happen to be addressed in the same email (e.g. mostly Windows users).

Upgrade the Algorithms used
1
2
3
4
5
6
gpg2 --list-keys
gpg2 --interactive --edit-key your@email.address
gpg> showpref
gpg> setpref AES256 CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 TWOFISH CAST5 3DES SHA512 SHA384 SHA256 SHA224 SHA1 RIPEMD160 MD5 ZLIB BZIP2 ZIP Uncompressed
gpg> showpref
gpg> save

Generate a Revocation Key

Be smart and generate a revocation key and store it indefinitely in a secure location so you don’t look like an idiot.

Generate a Revocation Key
1
gpg2 --gen-revoke --armor --output=RevocationCertificate.asc your@email.address

Export your Public Key to Share With Others

Now that you have updated the algorithms and setup a revocation certificate, your public key is ready to be published.

Get the Public Key
1
gpg2 --armor --export your@email.address

Save this to a file named something like pubkey.asc, as the .asc extension tells others that this is in ASCII format.

Uploading your Public Key to the WOT

You may want to publish your public key to online servers known as the Web of Trust (WOT). This creates the availability of your public key should you send an email to someone that didn’t include your public key.

First thing is, unlike most other commands here, you can only do this with your keyid – not your email address. Your keyid is located by looking at your fingerprint and exporting a short keyid with it:

Short KEYID with Fingerprint
1
2
3
gpg2 --fingerprint --keyid-format short your@email.address
pub   rsa4096/A510AA8C 2014-08-13 [SC]
...

In the output above, we can see my short KEYID is printed after the rsa4096/ portion: A510AA8C.

We take this A510AA8C and issue a command to send your public key to the servers. Note: replace the your-KEYID-here with your short fingerprint. E.g. mine was A510AA8C in the example above.

Publish your Public Key
1
gpg2 --keyserver pgp.mit.edu --send-keys your-KEYID-here

Fingerprint: Verifying Identities

So that others can verify your identity, generate a fingerprint that you can carry in your wallet, show over Skype video chat, etc.

Print your Fingerprint
1
gpg2 --fingerprint --keyid-format long your@email.address

Use the command above to print out the fingerprint of other people’s fingerprint for verification.

Backing up a Secret Key

One method is to export your key as ASCII that allows you to print it (for rescanning later as it would be error prone to type it manually), or to store it in a key store (which in itself may be a bad idea).

Exporting a Secret Key for Backup
1
gpg2 --export-secret-key --armor

Optionally, you can specify --output filename to dump it to a file.

Signing Someone’s Public Key for Local Usage

So get rid of the warnings in email clients, signing the public key tells your system that you have verified and you trust the public key.

Signing a Public Key
1
gpg2 --sign-key their@email.address

Or for trusting someone on a low level:

Signing a Public Key, with Trust levels
1
2
3
4
5
gpg2 --interactive --edit-key their@email.address
gpg> sign
gpg> trust
gpg> save
gpg2 --export --armor their@email.address

Import Someone’s Signing of Your Public Key

After someone verifies who you are, they may want to send you a signed certificate. You can import this signed certificate locally for any emails you send to them in the future.

Importing a Signed Key
1
gpg2 --import

Locally Signing Someone’s Key

If you don’t care about verifying the identity of a person’s public key, you can just locally signing their public key blindly ignoring it.

Blindly Sign Someone’s Public key
1
gpg2 --lsign-key their@email.address

Publishing your Public Key

You may want to publish your key using GnuPG’s command line, especially to multiple servers.

Publishing your key
1
2
gpg2 --list-keys your@email.address
gpg2 --keyserver pgp.mit.edu --send-keys [KEYID]

The Web of Trust dictates good practice of personally verifying someone’s PGP keys by publishing your signed version of their PGP key publicly. Once you sign their key using the procedures above, you can publishing their key using the same —send-keys method above.

Encrypting a File

You can encrypt files using PGP.

Encrypt a File
1
gpg2 --encrypt --sign -r your@email.com filename

If you want to be able to decrypt the file in the future, you must add your own email address to the list of receiptents. The -r does this for you.

But say you want to one-time encrypt something to send. Most email clients keeps a Sent history (if you are sending it in email). You don’t want this! What if your private key gets compromised and a few years goes past – then, someone with that old private key has the ability to decrypt that old email archived off in your Sent folder.

Therefore, you can omit your own email address. Just remember you will never be able to decode it – ever.

Alternatively, you can encrypt it with —armor that will print out the contents in ASCII mode, making it easier to paste into a text file or email.

Encrypt a File with ASCII Output
1
gpg2 --armor --encrypt --sign -r your@email.com filename

Summary

That’s about it for the tips.

There is a lot of reasons I skipped over that is listed on Alan Eliasen’s site. I pretty much consider it required reading before I trust you as a PGP sender.

> Revision History