Dr. Jan Philip Bernius

🔐 Keys, Signatures, and Encryption

These are my most commonly used keys for encrypting and signing my work.
I usually sign my git commits with my PGP key. I typically sign my emails with S/MIME; I can send and receive S/MIME and PGP encrypted email (PGP not available on the phone).


My PGP key is available over Web Key Directory (WKD), common Keyservers, and for download here. I typically use PGP for signing git commits, for encrypted email conversations, and for some other encryption tasks. I do not have access to my PGP key on my phone, so I cannot receive PGP encrypted email on the go. GitHub verifies my commits based on this key; double-check this key with the PGP keys on Github profile I am happy to participate in PGP key signing, even though this is hardly a thing anymore. The PGP public key site explains how I use this key in detail.

pub   ed25519/0x09F1850D58C7ABD4 2021-03-22 [C] [expires: 2025-12-31]
      Key fingerprint = 1BF4 0D68 8714 93F1 04AC  3387 09F1 850D 58C7 ABD4
uid                             Jan Philip Bernius <janphilip@bernius.net>
sub   cv25519/0x2B5AEA095D0920E3 2021-03-22 [E] [expires: 2023-12-31]
sub   ed25519/0xC1E164F61967BFDE 2021-03-22 [S] [expires: 2023-12-31]
💾 Download PGP Key (asc)

X.509 Key (S/MIME)

S/MIME is my go-to email encryption format as of the seamless client support (including mobile) and a slightly better adoption than PGP. I am using a X.509 key for email signing and encryption issued by self-signed certificate authority.

        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=DE, ST=Bavaria, L=Munich, O=Bernius Trust, CN=B20
            Not Before: Oct  1 02:00:00 2022 GMT
            Not After : Feb  1 02:00:00 2026 GMT
        Subject: C=DE, ST=Bavaria, L=Munich, O=Dr. Jan Philip Bernius, CN=Dr. Jan Philip Bernius
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication, E-mail Protection
            X509v3 Subject Key Identifier: 
            X509v3 Authority Key Identifier: 
            X509v3 Issuer Alternative Name: 
                URI:https://code.bernius.net/trust/certificate-authority, email:certmaster@bernius.net
            Authority Information Access: 
                CA Issuers - URI:https://code.bernius.net/trust/certificate-authority/raw/branch/trust/certs/b20.cert.pem
            X509v3 CRL Distribution Points: 
                Full Name:
            X509v3 Subject Alternative Name: 
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
💾 Download X.509 Key (pem)


I primarily use this key for SSH access. Ocasinally, I use it also for git commit signing (mostly when I do not have access to my PGP key; or when my PGP key is expired). You can verify this key by comparing it with the SSH keys on Github profile.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICL4W7mpbNIr7qzlHYHsrlzFcOkb02sYj5I6Gr0efKf2 Dr. Jan Philip Bernius <janphilip@bernius.net>
💾 Download SSH Key

 iMessage Contact Verification Key

My primary instant messenger for personal matters is iMessage. I have iMessage Contact Key Verification enabled.
This is my Public Verification Code:



While I have accounts and keys for other encryption-enabled tools such as Matrix or XMPP, these channels are an edge case and I do not list these keys here (for now).

I use a different set of keys for Work related content, especially SSH and X.509 keys. My work keys are out of scope for my personal site.