glmdev signing authority

verifying files signed by me

Import my signing key. This can be done by requesting the fingerprint from the default GPG keyservers:

gpg2 --recv F34B56F298E94AA8760599D76ACD58D6ADACFC6E

Now, verify the file:

gpg2 --verify 				# if the file was clear signed
gpg2 --verify 	# if the file has a detached signature

You should see something like:

gpg: Signature made Wed 03 Apr 2019 01:07:13 PM CDT
gpg:                using RSA key F34B56F298E94AA8760599D76ACD58D6ADACFC6E
gpg: Good signature from "Garrett Mills (glmdev signing authority) <>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F34B 56F2 98E9 4AA8 7605  99D7 6ACD 58D6 ADAC FC6E

building the web of trust

I'm a big fan of the distributed nature of GPG, and I want to build a web of trust and help others do so as well.
If you live near Kansas City or Lawrence, Kansas and want someone to sign your GPG key, get in touch with me here.

I'm also looking for people who are members of the original PGP web of trust (circa 1990-2010) to sign my key. If you
live near enough to do an in-person verification and key signing, please reach out!

my key

My public key is available on the main GPG keyservers with the fingerprint:

F34B 56F2 98E9 4AA8 7605 99D7 6ACD 58D6 ADAC FC6E

It is also hosted as a file on my server here:

My key is for my personal use only for files, communication, code signing, and signing other keys. It should have this info:

gpg: data source:
(1)	Garrett Mills (glmdev signing authority) <>
	  2048 bit RSA key 6ACD58D6ADACFC6E, created: 2019-04-03

If necessary, both my public GPG signing key and public SSH authentication keys are available directly:

copyright © 2020 Garrett Mills. | | last updated: 2021-04-26