English   Français   Deutsch   中文   日本語

Home   Blog   Contact   Blogroll

Enforcing Cryptographic Trust Establishment

2026-02-05T23:03:34+08:00

Due to security concerns, as of 2026-02-24T00:00:00Z I will enforce cryptographic trust establishment between all my contacts and myself. If you do not establish cryptographic trust with me before that time, I will no longer consider your identities trustworthy.

If you do not have secure devices (for example, a hardware token or a computer running 100% free software), storing an OpenPGP key pair on an insecure device is acceptable for now, as it is better than nothing.

For those unfamiliar with cryptographic trust or OpenPGP, I will publish a blog post explaining them in detail. Below is a brief guide you can follow immediately:

GNU/Linux

Generate an OpenPGP key pair

Graphical method

  1. Install GnuPG and Kleopatra if you do not already have them.
  2. Open Kleopatra and click New Key Pair.
  3. Enter your name and email, check Protect the generated key with a passphrase, then click OK.
  4. Choose a strong passphrase to protect your secret key.
  5. Double-click the key you generated, click Export and you will see your public key. Copy everything from -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK-----.

GNU/Linux Generate OpenPGP Keypair Graphical Method

CLI method

  1. Install GnuPG if you do not already have it.
  2. Run gpg --generate-key.
  3. Enter your real name.
  4. Enter your email address.
  5. Enter O and press Enter.
  6. Choose a strong passphrase to protect your secret key.
  7. Run gpg --export --armor <your-email-address> (or, better, gpg --export --armor <your-key-id> or gpg --export --armor <your-fingerprint>). You will see your public key. Copy everything from -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK-----.

Sign texts

Graphical method

  1. Open Kleopatra and click Notepad.
  2. Uncheck Encrypt for me.
  3. Paste or enter the text to sign and click Sign Notepad.
  4. The signed text will appear in the input box. Select it (Ctrl+A) and cut it (Ctrl+X).

GNU/Linux Sign Texts Graphical Method

CLI method

  1. Run gpg --clear-sign.
  2. Paste or enter the text to sign and press Ctrl+D (you may need to press it twice).
  3. Copy the text in the terminal from -----BEGIN PGP SIGNED MESSAGE----- to -----END PGP SIGNATURE-----.

Android

Generate an OpenPGP key pair

  1. Install OpenKeychain from F-Droid on your phone.
  2. Open OpenKeychain and tap CREATE MY KEY.
  3. Enter your name and tap NEXT.
  4. Enter your email and tap NEXT.
  5. Do not upload the key to the keyserver for now. Tap CREATE KEY.
  6. Tap the key you have just generated and tap the copy icon to copy your public key to the clipboard.

Android Generate OpenPGP Keypair Graphical Method

Sign texts

  1. Open OpenKeychain, open the menu → Encrypt/DecryptEncrypt text.
  2. Open the menu and uncheck Encrypt to signer.
  3. Paste or enter the text to sign and tap the copy icon to copy the signed text to the clipboard.

Android Sign Texts Graphical Method

Microsoft Windows

Download and install Gpg4win. Open Kleopatra on your computer. The rest of the process is the same as the GNU/Linux graphical method above.

Tildeverse Banner Exchange