On Sun, Sep 24, 2017 at 12:46 PM, jim bell <jdb10987@yahoo.com> wrote:
I think what I'm going to do, in part, is to generate a video of me reciting my public key, and place the video on YouTube.
That works well since many recipients know the senders IRL, or have at least made their own estimated and acceptable trust analysis as to such.
While such a thing could conceivably be faked, it should be good enough for a few weeks.
A few notes... People should recite the full 40 character key fingerprint. This is because 16 hexchars is only 64 bits (and 8 is 32 bits), and short-key-id collision attacks happen (search something like pgp fingerprint collision), and all other recited fields of such a key are cloneable by the attacker into the attackers key. Those creating their first keys should consider giving them expiry dates. Simply to avoid confusion if early keys are later compromised in learning or other environments, or they roll out new keys with new options, management, and usage models as a result of such learning. And no one can keep a key both secure and usable forever. Create and keep a revocation certificate. Though one can assert a compromise and new key in a public signing statement, they are still handy to have, especially for those that can't stand on a soapbox IRL to make such statement (ie: a video). Gnupg 2.2.1 (and probably downstream gpg4win) now puts those revocation certs in handy printable text files by default upon key creation. https://gnupg.org/
I was unable to read/import the above Public Key Block. Perhaps the last couple of lines were mangled.
The old FA8754305BA01D9D key as posted by JYA imports ok as received. The keyservers take care to only carry keys that pass various lint checks and thus can always be imported from there. And they present them cleanly via HKPS or simple plaintext via the web for easy cut / paste. You could probably find some more keys by searching for name or email here... https://gpg.nebrwesleyan.edu/pks/lookup?search=jim+bell&fingerprint=on&hash=on&op=vindex https://gpg.nebrwesleyan.edu/pks/lookup?search=james+bell&fingerprint=on&hash=on&op=vindex https://gpg.nebrwesleyan.edu/