PGP Fingerprint

6D63865D1C6EEB0F92C394A15D21FFA27D8DCC66

On Sunday, November 9th, 2016, I migrated from keybase.io/rfkrocktk to keybase.io/naftulikay.

Almost all of my related social accounts were also renamed:

The net result is that I no longer have to ROGER-FOXTROT-KILO-ROGER-OSCAR-CHARLIE-KILO-TANGO-KILO, anyone who knows my name can easily find my accounts and no one will have to ask who @rfkrocktk is anymore.

Now I can NOVEMBER-ALPHA-FOXTROT-TANGO-UNIFORM-LIMA-INDIA KILO-ALPHA-YANKEE. Somehow this seems like an improvement to me.

SSH Keys

My SSH keys are available here along with signatures from my PGP key above:

The above /ssh/keys, after being verified of course, can be concatenated onto ~/.ssh/authorized_keys to grant me access to your host.

Verification

Speaking of verfication, here's how to verify the SSH keys against my PGP identity:

# fetch from keybase
curl -s https://keybase.io/naftulikay/pgp_keys.asc | gpg2 --import
# or fetch from keyservers
gpg2 --keyserver pgp.mit.edu --recv-keys 6D63865D1C6EEB0F92C394A15D21FFA27D8DCC66
# next, get the keys and their signature
curl -so keys https://secops.naftuli.wtf/ssh/keys
curl -so keys.asc https://secops.naftuli.wtf/ssh/keys.asc
# finally, verify
gpg2 --verify keys.asc keys

Fingerprints

SSH key fingerprints are available here, though they're not very useful to the average person:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

4096 SHA256:buiUcBzctSqErEG+LVtBFZmdc7h7y7eh6tLKS0MvqhE naftulikay:2 (RSA)
4096 SHA256:yZVkam2g2RvdC8F1iMkSfUVJ9VYNe+gnbMdYwa1iBGg naftulikay:1 (RSA)
4096 SHA256:PSyXvUTFXu+myNTBjyrf36DnGQBBMJgICggmrsm+uKs naftulikay:0 (RSA)
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJa7PDMAAoJEIKDWljdEfHR0psP/jCPo4eMUsWAA8SkkhugccGk
eWkBMERq2kIci4JqhQn6l7OsSfZ1lzNAus/6lixdITuR5MjfhEMxFQBNuFit+wjZ
QEudXDBxv99MY6btylFMzvPgkRaYEzoxD9Wa/P4ngiDSemIYbstK+uoYDn9o91Ji
fZm/pNzGvutbwhOEg0jCQqUmjqFmv7QolPxj+bevGO/gRhvvTkDzCmRg+/PMxnzx
f2YaIj55vsy4TNM0LNThdi50/lM4yba9VByEVgie9u8YHEdy6TEpzf6AnGaJKpC7
edNICoyhzarOKL3dPa3XBQuhw27R3ikM+agy2HucMSdPqI3pZaUYRBSA3tqja8Fc
WIQ5gzx/Qd9YYpKIHERUe56ssvBDcI0o8a4EDaJrdtBJVl8vh2uiNmMySKARwQPp
oo/lKJ6wQ6S7RrlEZ4zVVg1T61YvwCDtOMP1bgZn+eTUqWU+NtZ3skCwu0eUZG/G
yGtSEbdcE4hVHwiX8tR3dHn3iNjfgCJYQHv8WsQBL+hGBauGolIb5ne0K5PCuPUY
mpdFyFXHdoOniDC+97N0am4wV8nV0bf7cGWdfi/BqHDtWU7j6R0oiZZmRjCA21Tr
ysFNQb2GAyFyxb1R0Gjmedt0MkF4nrgrZ0ZGEy1IPSRChANnUCY0MVsp8i5wbT2T
WWrAAcLb4WHxubl64aYF
=/Smp
-----END PGP SIGNATURE-----

Signal

Unfortunately, Signal has changed the way identities work:

How do I verify the person I'm sending messages to is who they say they are?

Each Signal conversation has a unique set of safety numbers. This replaces the old version of a fingerprint or identity key for just yourself. These safety numbers get stored the first time you exchange a private message with a new contact. You will be warned if a conversation's safety numbers ever change. This can happen if someone else is pretending to be them, or if they get a new phone and reinstall Signal.

In case their documentation changes, here is a screenshot of the text as of 2016-11-13 23:01:54+0000.

While I'm sure this was done with the best intentions, this makes it impossible for anyone to post their global identity online; therefore I cannot simply PGP sign my Signal identity to prove who I am except on a conversation-by-conversation basis. If you would like such verification, please request it.

Signal Identity Updates