{ } { {Marc Haber's GPG Key Policy} { } } {

{Marc Haber's GPG Key Policy}


This document about my GPG key policy will hopefully help you choose which key you can trust at which level. To allow secure handling of keys with a high security level while still permitting the use of other keys for functions that do not need to have this level of security, I use different keys for different purposes.

Since the keys collect signatures in the course of time, I will try to frequently update the public keys available on this web page. The keys should also be available on the public key servers.

Master signature key

pub  4096R/DD9C08C8 2003-08-12 Marc Haber (Master Signature Key - http://www.zugschlus.de/gpg-policy)
     Key fingerprint = AEFA 79DC C992 322E FE84  D300 3C6D 2D16 DD9C 08C8

This signature-only-key is my highest security key. It was generated on a clean Knoppix system and has never been on a system with Internet connectivity. I use this key to sign other keys (both my own and other people's keys) using the policy laid down in my GPG Key Signing Policy and I collect other people's signatures on this key.

The secret part of the Master Signature Key is stored on a CD that never leaves a (hopefully) secure place in my apartment. That copy has a pass phrase with 32 alphanumeric characters. The pass phrase does not contain any English or German words and is not stored on any machine or human readable medium readable by humans. Backup copies of the secret part are stored in two safe deposit boxes at two local banks. The backup copies have different pass phrases built the same way. The pass phrases of to the backup copies are in the other safe deposit box, respectively.

Revocation Certificates for the Master Signature Key are stored in my apartment, in both deposit boxes, and in other secure places including the law office where I was responsible for all office communications in the 1990's.

Communication keys

There are other keys that I use every day. I tend to have one of these keys stored on the USB stick I carry with me, and probably one key per computer I use. That way, a single compromised computer does not compromise all keys that are in use. Keys usually expire 30 months after their generation and go out of active use after 24 months. Thus, signatures made with these keys remain valid until 6 months after the key's last actual use.

The communication keys are signed with my Master Signature Key. If needed (for example, if a key is used to represent a special role of mine, such as being a Debian maintainer or an employee of an organization), additional signatures done with keys trusted by the respective organizations are placed on such a special-purpose key.

Pass phrases for communication keys are much simpler than the one on the Master Signature Key. They are encrypted and stored on my PDA. Revocation Certificates for these keys are stored in my apartment and/or anywhere where an organization requires revocation certificates for their employee/role keys to be stored.

Debian package signature key

pub  1024D/6BBA3C84 2000-02-15 Marc Haber <zugschlus@debian.org>
     Key fingerprint = A3C2 8202 4F97 9BAD 6ED4  84D1 8196 A544 6BBA 3C84

This key is not covered by my key policy since it was created well before the policy was established. A new key is waiting to be added to the key ring, where it will replace the old one.

New debian package signature key

pub  2048R/438D82C2 2003-08-12 Marc Haber (Debian Package Management - http://www.zugschlus.de/gpg-policy) <zugschlus@debian.org>
     Key fingerprint = BB49 B12D 99C0 6311 DEE1  4A5F 2BF0 88AE 438D 82C2
uid                            Marc Haber (Debian Package Management - http://www.zugschlus.de/gpg-policy) <mh+debian-packages@zugschlus.de>

This is the key I will use to sign my new Debian packages once it has made its way onto the Debian key ring. Considering current Debian procedures, this can take several months.

Key for private communication

pub  2048R/zzzzzzzz 2003-xx-xx Marc Haber <mh+gpg@zugschlus.de>
     Key fingerprint = 

This is the key I currently use for private communication. I will stop using it on 2005-xx-xx and it will expire on 2006-xx-xx.


Spam is a big problem. I am pretty sure that this web page will sooner or later be harvested by the spammer robots. To combat the spam problem, all e-mail addresses mentioned on this web page are heavily filtered using MTA policies and spamassassin. Please consider trying to make your messages look like non-spam when using them for legitimate communications.


To be able to create this document, it was necessary to build knowledge about the web of trust, which is very much based on mutual trust. It is therefore very important to know all there is to know about the unwritten regulations and rules of etiquette. Many de.comp.security.misc regulars, including Carsten Eilers, Florian Weimer and Markus Schaaf, helped me build that knowledge in July 2002 and August 2003. This document was very much inspired by Bjoern Buerger and Marcus Frings. Thank you very much!

Revision history

A new revision of the policy can replace this one any time.

1.02003-08-08Initial Release.
1.12003-08-12Include Master Signature Key and new Debian Package Key.
1.22003-08-12New text for Credits.
} } {


{Best Viewed With Any Browser } {Valid HTML 4.01! } {Valid CSS! } {Printer Friendly Version } {Credits } {Marc Haber} {25.08.2003 14:38}