To summit page of drpartha.org.in
Partha's GPG public key
What is GPG ? | Download Partha's GPG public key |
You can now send confidential information
to Partha, by "encrypting" it using GPG.
For doing this (and more), you will need
Partha's GPG Public Key. Read on, to know more.
You will need my GPG public key, if you use GPG for doing any of the following:
Meet the Professor and
learn some cryptography
- send encrypted emails to me
- send encrypted documents to me
- verify the authenticity (absence of tampering or modfication) of documents containing my digital signature
Never take chances with security !
What is GPG ?
What is this GPG Public key ?GPG stands
for GNU Privacy Guard
, an excellent, public domain, FOSS
tool for ensuring privacy and security on the Internet (plus
more). GPG is distributed under GPL (GNU Public License, a
liberal license which grants you several liberties). GPG is
With GPG and my public key, you can encrypt any message, or
file, and send it to me. Only I can decrypt your message because only
I know the corresponding private key (aka "secret key") for
doing this decryption. The encryption cannot be broken by anybody
else. This is the principle of what is known as public key
cryptography (PKC). GPG does many more things, in addition to PKC.
The GPG web site
has lots of very
well written tutorials on cryptography, and security. You can also
download the GPG tool from this site. In general,
GPG comes free, with all standard Linux distributions (unlike that other
fliMSy-cluMSy-MeSsy operating system).
A neat overview and intro to GPG is here.
A well -organised catalogue of GPG commands is here.
Wish to learn more about cryptography, GPG and e-security ?
Learn some cryptography from Prof. Partha. We can organise training programs on cryptography and GPG for you, at
your institution and at your convenience. Send an e-mail to firstname.lastname@example.org, for
- Defend yourself :
Partha's GPG public key ( AE6D555C )
Download the key ( AE6D555C ) and verify its authenticity
IMPORTANT : You will have to install the
on your computer, before you down load
Partha's public key and perform the tests given below.
Note : Key ID : F1D9 9755 is outdated and unusable by me (I lost the passphrase).
DO NOT USE THE F1D9 9755 KEY ANY MORE.
Download my GPG public key : You can download Partha's GPG public
key ( AE6D555C ) as an ASCII text file.
My current key (since 2016-10-08) is :
Key ID: AE6D555C
Key fingerprint 4234 5BA1 685F FE1B 1858 27A6 27D5 781C AE6D 555C
Check the key's authenticity, before you use it :
- First check the md5sum of the file you downloaded. The md5 checksum of Dr. Partha's public key
(keyAE6D555C.asc) file is here You can use
this md5 checksum, to detect if this file (keyAE6D555C.asc) has
been tampered. You can also
ask Dr.Partha how
to use md5 for verification. If the md5 verification fails, delete/discard the above file. Report this failure to email@example.com
Go to the next step, only if the md5 verification succeeds.
- If the md5 verification succeeds, use GPG software to add the key to your GPG keyring. Since crooks can go to any extent, I have electronically signed the md5 file using my own secret key and GPG. The signed md5 file is here. To use this signature file, please see the explanation of this procedure. If the signaure verification fails (impossible to verify signature , or "bad signature" error), delete/discard the key from your key ring.
Report this failure to firstname.lastname@example.org .
Go to the next step, only if the signature verification succeeds.
- Then, check that the fingerprint of the key you got, matches the fingerprint given above. If the fingerprint verification fails, delete/discard the key from your key ring. Report this failure to email@example.com.
Go to the next step, only if the fingerprint verification succeeds.
- To make absolutely sure
that you have indeed an authentic copy of my public key, you must
reconfirm the "fingerprint" of this key with the "fingerprint" of the
original key with me, by directly contacting me. You must do this confirmation process in
addition to, and after making the comparisons mentioned in the
earlier paragraphs. Since you have not yet confirmed my public key, do not use email for making this confirmation. You can start secure and confirmed email correspondance, after my public key has been verified by you.
To be absolutely "absolutely sure" : Follow
Never take chances with
What next ?
You will have to do the above authentication/confirmation tests only once, before you can start using Parha's public key. After you have installed and tested GPG, and after you have obtained and confirmed Partha's GPG public key:
If you need help, ask Dr. Partha
- Send an encrypted test message to Partha using Partha's public key which you have just downloaded and verified.
- Try to create a GPG key pair for yourself. "Export" your public
key to a file and send me this public-key file. I will then send you
an encrypted test message (using your public key), for you to decrypt
(using your private/secret key). In fact, you can even encrypt the
public-key file you send me (i.e. your public key), using my public
- Inform all your friends and colleagues, and make your public key
visible to as many people as possible. You may even decide to
your GPG public key to a public GPG key server, or distribute your public key yourself.
Partha does NOT use any
public key server.
- To make the best use of GPG, build or join a web of trust
- Join a community of cryptography practioners.
Download some cryptography related tutorials