thgtoa/docs/pgp/index.md

title, description, schema

title	description	schema
PGP	Import our GPG keys to verify our releases and signed content.	@context @type @id name url logo sameAs https://schema.org Organization https://anonymousplanet.net/ Anonymous Planet PGP https://anonymousplanet.net/pgp/ ../media/profile.png https://github.com/Anon-Planet https://opencollective.com/anonymousplanetorg https://mastodon.social/@anonymousplanet

PGP Keyring for Verification

Download Our Public Keyring (anonymousplanet.asc)

Import this keyring to verify the authenticity of our releases and signed content.

Import Instructions

GnuPG (Command Line)

gpg --import docs/pgp/anonymousplanet.asc

Or directly from GitHub:

gpg --keyserver keys.openpgp.org --recv-keys C302 3DBE A3FB 38C4 38BA 1EED CEC6 0AED E8B9 92A2

Import and Verify

# Import the keyring (includes both MSK and RSK)
gpg --import docs/pgp/anonymousplanet.asc

# List imported keys
gpg --list-keys anonymousplanet.net

# Verify a release signature (replace with your file)
gpg --verify file.sig file.pdf

GPG-Agent Setup

Ensure GPG-agent is running:

export GNUPGHOME="${XDG_DATA_HOME:-$HOME/.local/share}/gnupg"
chmod 700 "$GNUPGHOME"  # Critical for security!

Our Keys

Name	Key ID	Purpose
Master Signing Key (MSK)	9FA5436D0EE360985157382517ECA05F768DEFDA	Code releases, signing GPG-agent
Release Signing Key (RSK)	C3023DBEA3FB38C438BA1EECEC60AEDE8B992A2	Release artifacts only

Fingerprint verification: Always verify key fingerprints against our GitHub announcements before importing.

Security Notes

• Keep GNUPGHOME permissions set to 700 (owner only).
• Never share private keys — we don't have any!

??? warning "Key Rotation"

We may rotate keys periodically. Check our [GitHub Releases](https://github.com/Anon-Planet/thgtoa/releases) and [changelog](../changelog/index.md) for announcements.