thgtoa/pgp/core-devs/than/than-canary.txt
2025-08-05 03:35:19 -04:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Sat Jul 19 02:03:40 AM EDT 2025
CEH v12 | (ISC)² | Linux+ | Cisco CCNA | Security+ | PenTest+
Owner: My blog - https://itsnothing.net.
Admin: The Hitchhiker's Guide to Online Anonymity - https://anonymousplanet.org
Latest bitcoin block hash:
00000000000000000000b685887fe078cc9839294a91f8d38a3311864fc15418
I positively confirm I am in complete control of all my key material and domains.
All previous keys have been revoked as part of standard OPSEC key rotation
procedures. Do NOT encrypt communications to my old keys, I will not read them.
The key currently published on
https://keyoxide.org/8B3A74890536BAD50D9376EBF1CB32F67E3302A1 with a fingerprint
of 8B3A74890536BAD50D9376EBF1CB32F67E3302A1, is my only PGP key for public
communication. It IS published on public keyservers now. Please refrain from uploading it there
(again). Someone already broke this rule.
Permanent record of old and new PGP keys:
pub ed25519/0xF1CB32F67E3302A1 2024-03-29 [SC]
Key fingerprint = 8B3A 7489 0536 BAD5 0D93 76EB F1CB 32F6 7E33 02A1
uid [ultimate] nopenothinghere@proton.me <nopenothinghere@proton.me>
To fetch the full key, you can simply do:
gpg --keyserver keys.openpgp.org --recv-key 0xF1CB32F67E3302A1
**
Note: this keyserver is experimental.[0] I still have yet to add these keys
to the I2P keyserver pool, and I don't know if I will. If you have previously
signed my key but did a local-only signature (lsign), you will not want to
issue the following; instead you will want to use --lsign-key, and not send
the signatures to the keyserver.
**
gpg --sign-key 0xF1CB32F67E3302A1
I'd like to receive your signatures on my key. You can either send me an e-mail
with the new signatures (if you have a functional MTA on your system):
gpg --export 0xF1CB32F67E3302A1 | gpg --encrypt -r 0xF1CB32F67E3302A1 --armor \
| mail -s 'OpenPGP Signatures' nopenothinghere@proton.me
Additionally, I highly recommend that you implement a mechanism to keep your key
material up-to-date so that you obtain the latest revocations, and other updates
in a timely manner. You can do regular key updates by using parcimonie[1] to
refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring
from a keyserver over Tor. It uses a randomized sleep, and fresh Tor circuits
for each key. The purpose is to make it hard for an attacker to correlate the
key updates with your keyring.
I also highly recommend checking out the excellent Riseup GPG best practices
doc, from which I stole most of the text for this transition message ;-)
https://riseup.net/en/security/message-security/openpgp/gpg-keys
Please let me know if you have any questions on how to verify.
Nope (Anonymous Planet) <no@anonymousplanet.org>
0. https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
1. https://directory.fsf.org/wiki/Parcimonie
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSLOnSJBTa61Q2TduvxyzL2fjMCoQUCaHs1WgAKCRDxyzL2fjMC
odrwAPsFcupXWVRha5k2BOZUvjg+nY27IG+5XM8w+IupueHVcAD7BL7MFWuJ11lb
Bqk3pSyp6hTxlSJ1lnItXwQYnGBL6AE=
=NQBO
-----END PGP SIGNATURE-----
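
One way to check a canary like the one above, as an added example that is not part of the signed message or the project's own tooling: accept it only if GnuPG reports a valid signature whose primary key matches the fingerprint stated in the text, and only if the signature is recent. The function names, the 90-day window and the sample status line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the signed canary.
# Pinned full fingerprint, copied from the canary text above.
EXPECTED_FPR=8B3A74890536BAD50D9376EBF1CB32F67E3302A1

# Constructed sample of one GnuPG status line (not captured output), used to
# exercise the parser offline. Layout after "VALIDSIG": signing-key fpr, date,
# creation epoch, expiry, version, reserved, pk algo, hash algo, class, primary fpr.
SAMPLE_STATUS="[GNUPG:] VALIDSIG $EXPECTED_FPR 2025-07-19 1752905050 0 4 0 22 10 01 $EXPECTED_FPR"

# check_canary_status MAX_AGE_DAYS NOW_EPOCH
# Reads `gpg --status-fd 1 --verify` output on stdin.
# Exit 0: valid signature by the pinned key and fresh enough.
# Exit 1: missing/bad signature or wrong key. Exit 2: valid but stale.
check_canary_status() {
    awk -v want="$EXPECTED_FPR" -v max_days="$1" -v now="$2" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { seen = 1; created = $5; primary = $12 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END {
            if (!seen || bad)    { print "FAIL: no good signature"; exit 1 }
            if (primary != want) { print "FAIL: signed by unexpected key " primary; exit 1 }
            age = int((now - created) / 86400)
            if (age > max_days)  { print "STALE: signature is " age " days old"; exit 2 }
            print "OK: signature is " age " days old"
        }'
}

# verify_canary FILE [MAX_AGE_DAYS]
# 90 days is a hypothetical policy; the canary itself states no interval.
verify_canary() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null |
        check_canary_status "${2:-90}" "$(date +%s)"
}

if [ "$#" -gt 0 ]; then verify_canary "$@"; fi
```

Comparing the full primary-key fingerprint from the VALIDSIG line, rather than trusting a "Good signature" message or a short key ID, is what ties the result to the key named in the canary.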