GPG key

I have a GPG public key. This means two things:

  1. I can sign files and email, so you can be sure they come from ‘me’,1 and haven’t been tampered with.

  2. You can send me files and email that nobody else can read. That is, until the Government force me2 to let them read whatever they feel like.

As of 2014-01-12, the fingerprint of my public key is: 4A8F 3D28 4BA4 64B7 CC6E 9701 3794 23FA C0CF 3C78. However, you shouldn’t believe this.3

The fingerprint of my previous public key, from 2007-06-26, was 5DC9 FB3A F5F4 4260 EB55 74A7 A4FF 44BF F7A9 7C53. If you have said previous key then please update it from a keyserver, to see that I made it expire. You should be able to verify that I signed my newer, stronger, key with the previous key.

Below is the download link for my current key:

Iain Nicol.pkr4.3 kB

  1. If you download the GPG key on this website but do not verify the key or its fingerprint over some secure medium (for example, in person), then we are vulnerable to a man‐in‐the‐middle attack.

  2. Straw, Jack, MP; Blunkett, David, MP; et al. (2000). An Act to make provision for and about the interception of communications, the acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed; to provide for the establishment of a tribunal with jurisdiction in relation to those matters, to entries on and interferences with property or with wireless telegraphy and to the carrying out of their functions by the Security Service, the Secret Intelligence Service and the Government Communications Headquarters; and for connected purposes. Queen’s Printer of Acts of Parliament. <http://www.opsi​>.

  3. Id. 1.