A New Year, a New PGP Key

It is the start of a new year1, and it seems like a good time to update my public encryption key. My previous one — created in 2004 — is both a little weaker, cryptographically speaking, than the ones newly created (1024-bit versus 2048-bit) and also an uncomfortable mixing of my professional and personal lives. For my previous key, I attached all of my professional and personal user ids (e.g. e-mail addresses) to the same key. This time I decided to split my work-related user ids from my other ones. My reasoning for the split is that I might be compelled by my employer to turn over my private key to decrypt messages and files sent in the course of my work. If my personal user ids are also attached to that private key, my employer (and who ever else got ahold of that key), would be able to decrypt my personal messages and files as well. That is not necessarily a good thing. So my solution was to create two keys and cross-sign them. I’ve outlined the process below.

These keys are part of a computer standard and software algorithm called “Pretty Good Privacy“, or PGP. If you are interested in more of a background about PGP, see a companion post on why I digitally sign my e-mail.


  1. Some have even said it is the start of a new decade, but of course that isn’t true. We won’t start a new decade until 2011, just like we didn’t actually start a new millennium until 2001. []