My Public Keys

Sometime soon I shall add more of an explanation of PGP/GPG, what it is useful for, and why I use it. For now, though, I'll simply give you my Public Key details:

Peter Jones Public Key
  • 0x3557E234 2005-02-24 Peter R Jones (Home) <See key[server]>
  • Key fingerprint = 1F5D 8349 58D0 82E8 38F7 C254 F8AB 7758 3557 E234

Any other keys of mine you may have stored away have been revoked and should not be used.

My public key can also be found on a keyserver near you; I prefer to use keyserver.net but feel free to choose another.

(Note: I have chosen not to display my email addresses here because I don't want the spam-bots to get their hands on them -- and given the recent viral storm my primary home address has been weathering, that's probably a good idea! Suffice to say that the information in the key itself, and on the keyserver should match... Furthermore, each of my public keys has been signed by the other.)

Signature Files

I have decided to cryptographically sign all the ZIP files I make available for download on this site. For every link to a ZIP file, you should find a corresponding [sig] link. This file, in conjunction with PGP or GPG, verifies that the ZIP file you are downloading is the same one that I uploaded -- in other words, that it has not been corrupted or otherwise tampered with. I do not currently have any reason to suspect nefarious activities aimed at this site, but given the number of worms and other nasties which are continually being released, it would appear to be better safe than sorry.

Assuming you have downloaded a ZIP file that you wish to verify, you will need to install a copy of PGP or GPG. Personally I use GnuPG, sometimes in conjunction with GPGshell, but you may prefer another product. There are several available.

Example

To verify filename.zip with GnuPG, place the ZIP file and the corresponding SIG file in the same directory. Type:

  gpg --verify filename.sig filename.zip

If you have imported my public key, and provided all is well, you should see something similar to the following:

  gpg: Signature made 05/15/04 14:34:59  using DSA key ID 29A6E85F
  gpg: Good signature from "Peter R Jones (Home) <email; see above>"

If the ZIP file has been altered (or corrupted) you will see this instead:

  gpg: Signature made 05/15/04 14:34:31  using DSA key ID 29A6E85F
  gpg: BAD signature from "Peter R Jones (Home) <email; see above>"

Try downloading the ZIP file again; if the problem persists, please notify me.
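GnuPG reports "Good signature" for any key in your keyring that verifies the file, so a stricter check also compares the signing key against the fingerprint published at the top of this page. The script below is an added example, not part of the original page: it reads GnuPG's machine-readable status lines and accepts only that fingerprint. The script name verify.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Usage (script name is hypothetical):
#   sh verify.sh filename.sig filename.zip

# Fingerprint as published on this page, with the spaces removed.
EXPECTED_FPR="1F5D834958D082E838F7C254F8AB77583557E234"

# check_status FPR
# Reads GnuPG "--status-fd" lines on stdin. Succeeds only when:
#   - a GOODSIG line is present (valid signature, key not revoked or expired),
#   - a VALIDSIG line names FPR as the signing key or as the primary key,
#   - no BADSIG, ERRSIG, REVKEYSIG or EXPKEYSIG line is present.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "REVKEYSIG" || $2 == "EXPKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { pinned = 1 }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_zip SIGFILE ZIPFILE
# Runs gpg with status output on stdout and lets check_status decide.
# If gpg is missing or prints nothing, the check fails.
verify_zip() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$EXPECTED_FPR"
}

if [ "$#" -eq 2 ]; then
    if verify_zip "$1" "$2"; then
        echo "OK: $2 is signed by the pinned key"
    else
        echo "FAIL: $2 is not verified by the pinned key" >&2
        exit 1
    fi
fi
```

A signature made by one of the revoked keys, or by any other key you happen to have imported, fails this check even though plain `gpg --verify` would still report the signature as cryptographically correct.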