My keys

Secure communication across the internet requires cryptography. This page documents the keys I use.

For email I use PGP/GPG - I have never seen the point of S/MIME - and I don’t use the Danish Digital Signature.

For remote logon across the internet I use ssh protocol version 2 (I refuse to use telnet/rlogin).

Before using these keys be sure to verify them by some other means than this page (call me, email me or check the signatures on my pgp key and if you find someone you know, then use gpg/pgp to verify the signatures of my ssh keys).

PGP/GPG for e-mail

My public key is keyid 0xC88D08EB and is connected to my primary e-mail addresses hlk@kramse.org and hlk@zencurity.dk:

pub   4096R/C88D08EB 2013-12-03 [expires: 2023-12-01]
Key fingerprint = 6851 0A6C 3171 9FE5 3C51  C6D6 EFDC 8A02 C88D 08EB
uid       [ultimate] Henrik Lund Kramshoej (kramse) <hlk@kramse.org>
uid       [ultimate] Henrik Lund Kramshøj <hlk@zencurity.dk>
sub   4096R/672E8E45 2013-12-03 [expires: 2023-12-01]

Verifying keys

Files downloaded from the internet cannot be trusted - so you need to verify my key after downloading it. The best verification is when you and I meet face to face and I tell you my fingerprint - which you can verify when you have found a key that seems to be mine. I have my fingerprint on my business card so having a physical piece of paper from me can be used to verify the authenticity of the key you downloaded from here or any keyserver.

It might be impractical for us to meet, for instance if you are in a place far from Denmark. Second best verification is if you have verified the key of somebody you trust and she and I have meet at some point in time and signed PGP keys.

This verification is called web of trust and the only thing that is being verified is that the keys used belong to the people in between. By signing other peoples keys you help extend the web of trust and make it easier to verify that keys do in fact belong to the persons involved.

Secure Shell

Sometimes I need access to a computer set up by others and they can send me the password using encrypted e-mail - see GPG above - or use my SSH public key.

The key I use can be downloaded here and verified with this signature If you have verified my PGP key first of course.

Installing my SSH key

First you should add a user - I prefer the user id hlk then make the directory .ssh and install the key with the correct ownership and permissions.

# cd ~hlk
# mkdir .ssh
# cat kramse-public-ssh.txt > .ssh/authorized_keys
# chown -R hlk .ssh
# chmod -R go-rwx .ssh