Dr. Jan Philip Bernius

🔐 Keys, Signatures, and Encryption

These are my most commonly used keys for encrypting and signing my work.
I usually sign my git commits with my PGP key. I typically sign my emails with S/MIME; I can send and receive S/MIME and PGP encrypted email (PGP not available on the phone).

PGP Key

My PGP key is available over Web Key Directory (WKD), common Keyservers, and for download here. I typically use PGP for signing git commits, for encrypted email conversations, and for some other encryption tasks. I do not have access to my PGP key on my phone, so I cannot receive PGP encrypted email on the go. GitHub verifies my commits based on this key; double-check this key with the PGP keys on Github profile I am happy to participate in PGP key signing, even though this is hardly a thing anymore. The PGP public key site explains how I use this key in detail.

pub   ed25519/0x09F1850D58C7ABD4 2021-03-22 [C] [expires: 2028-12-31]
      Key fingerprint = 1BF4 0D68 8714 93F1 04AC  3387 09F1 850D 58C7 ABD4
uid                             Jan Philip Bernius <janphilip@bernius.net>
sub   cv25519/0x2B5AEA095D0920E3 2021-03-22 [E] [expires: 2024-12-31]
sub   ed25519/0xC1E164F61967BFDE 2021-03-22 [S] [expires: 2024-12-31]
💾 Download PGP Key (asc)

X.509 Key (S/MIME)

S/MIME is my go-to email encryption format as of the seamless client support (including mobile) and a slightly better adoption than PGP. I am using a X.509 key for email signing and encryption issued by self-signed certificate authority.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:0e:db:a6:91:6f:2e:a2:c0:ce:f0:d1:6f:39:c2:42
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=DE, ST=Bavaria, L=Munich, O=Bernius Trust, CN=B20
        Validity
            Not Before: Oct  1 02:00:00 2022 GMT
            Not After : Feb  1 02:00:00 2026 GMT
        Subject: C=DE, ST=Bavaria, L=Munich, O=Dr. Jan Philip Bernius, CN=Dr. Jan Philip Bernius
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication, E-mail Protection
            X509v3 Subject Key Identifier: 
                AE:9D:FA:51:AD:3C:0D:90:7B:C3:D8:66:BB:8B:31:7C:92:BE:D6:42
            X509v3 Authority Key Identifier: 
                CC:18:1F:2B:91:3F:E2:19:08:9B:5E:1B:B3:C8:A0:7A:3A:74:76:04
            X509v3 Issuer Alternative Name: 
                URI:https://code.bernius.net/trust/certificate-authority, email:certmaster@bernius.net
            Authority Information Access: 
                CA Issuers - URI:https://code.bernius.net/trust/certificate-authority/raw/branch/trust/certs/b20.cert.pem
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:https://code.bernius.net/trust/certificate-authority/raw/branch/trust/crls/b20.crl
            X509v3 Subject Alternative Name: 
                email:janphilip@bernius.net
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:31:00:a9:97:07:69:6e:6a:af:d3:75:ac:41:06:d4:
        28:07:c9:e9:11:42:f4:78:ea:7b:64:06:a7:ea:0c:1e:ca:e7:
        23:c0:50:c6:65:3c:87:ba:93:de:8f:35:44:7d:e0:04:70:02:
        30:01:60:66:ed:d6:d3:b5:32:e6:db:09:3e:4d:82:4f:39:b1:
        b4:d2:39:f2:e0:6d:ff:fa:a8:83:c2:8d:e0:21:2f:11:1e:38:
        0b:a1:e9:8f:f9:ab:4a:f5:c1:6e:54:32:14
💾 Download X.509 Key (pem)

SSH Key

I primarily use this key for SSH access. Ocasinally, I use it also for git commit signing (mostly when I do not have access to my PGP key; or when my PGP key is expired). You can verify this key by comparing it with the SSH keys on Github profile.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICL4W7mpbNIr7qzlHYHsrlzFcOkb02sYj5I6Gr0efKf2 Dr. Jan Philip Bernius <janphilip@bernius.net>
💾 Download SSH Key

 iMessage Contact Verification Key

My primary instant messenger for personal matters is iMessage. I have iMessage Contact Key Verification enabled.
This is my Public Verification Code:

APKTIDj-vUQobNslpnPo5RyOdIdUlB-nx7aZYku09bVot--Tn0ww

Others

While I have accounts and keys for other encryption-enabled tools such as Matrix or XMPP, these channels are an edge case and I do not list these keys here (for now).

I use a different set of keys for Work related content, especially SSH and X.509 keys. My work keys are out of scope for my personal site.