-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Key Signing Policy for Andrés J. Díaz http://ajdiaz/gpg/policy.txt Version: 2023-03.10 pub rsa4096/0x021D2DCF8575C18B 2021-04-25 [C] Key fingerprint = 4D85 1F4E CDCF D81E F6AB 2FC6 021D 2DCF 8575 C18B Keygrip = 3F3F1C49C1621B2E1E39896B4DE00CFB8CF5DF0C uid [ultimate] Andrés J. Díaz (Personal) sub rsa4096/0xD3F173B21A65EFB4 2021-04-25 [S] [expires: 2026-04-24] Keygrip = A81188065506B835775C0ACF73A1BD86CD4A13D2 sub rsa4096/0xB298615256F4ACFE 2021-04-25 [E] [expires: 2026-04-24] Keygrip = 086522BE93D616B4FB8EE93FC3D44AFA500A3663 This policy is used for signatures made by my GnuPG keys (which ids are listed above), starting from 2021-04-25. (Some signatures before this date were also made under the following conditions. No key was ever signed without checking the identity of the person and the fingerprint.) Before I sign a key, I - verify the identity of the person owning the to-be-signed key by looking at their identity card, equivalent official proof of identity or (in very few cases only) by knowing the person very good for a long time. - receive the key fingerprint from the key owner. This can be on a piece of paper or the fingerprint could get confirmed by the owner during a Key Signing Party or any other event. A signature is always on an user id. By signing an user id, I confirmed for myself, - that the person, who gave me the fingerprint of that key, had the claimed name - at the moment of identity check. I do sign keys of persons from foreign countries as long as there is no indication of fraud (detected by me). Signatures by my GnuPG key(s) do not have any legal relevance. Description of my use of trustlevels: sig3 - I have verified the identity and verified, that the e-mail address of the signed uid belongs/belonged to the person, who has/had control over the key. This is done by a challenge-response system or by sending the signed key to the corresponding user id (both via encrypted mail). sig2 - I have verified the identity - but not the e-mail address (for example because the key does not support encryption to it). sig1 - unused at the moment. Signatures made by caff might not have any special trustlevel. (Trustlevel would be "sig3".) OLD KEYS Keys listed in other policies but not in current one must be EXPIRED or REVOKED. Only master keys will keep active. You should not trust in ancient keys for present time. MOBILE KEYS The following key is intended to use for emails from mobile phone only. - --------- Warning!! Due the nature of mobile phones, this key should be used with low level of confidentiality and only as fast check about my identity. If you need to send some really private message or need to really validate a signature please use the main key above. - --------- pub rsa3072/0x26017282F36D2D29 2023-03-09 [SC] Key fingerprint = 70C1 4C43 E4F4 C412 62E1 C0D5 2601 7282 F36D 2D29 Keygrip = 80D3716BBA7AD41D38F180FB9C163A978F0986EF uid [ultimate] Andrés J. Díaz sub rsa3072/0x4C1F5E999E8BE5C9 2023-03-09 [E] Keygrip = 6E21833C86DE850D4D410EA747FA5123F490CAAF The mobile keys will never used to sign any other key and by nature never expires, but can be rotated in any moment at my own discretion if I considerer the key unsecure for any reason. Periodically will be rotated with no reason. CHANGELOG 2023-03-10 Add section for mobile key. 2021-04-25 Create new policy for new keys. The old ones will be valid until they expired. Master old key will be valid only to revoke subkeys in case of emergency. 2016-02-11 Create new policy and remove some prerequisites for signing, as also remove the location section, act of signing and sig0 level. Old policy: http://ajdiaz.me/gpg/policy.until_2016-02-11.txt 2016-08-11 Update expired date for subkeys. Old policy: http://ajdiaz.me/gpg/policy.until_2016-08-11.txt 2016-10-10 Update expiration date for master key. Old policy: http://ajdiaz.me/gpg/policy.until_2016-10-10.txt -----BEGIN PGP SIGNATURE----- iQJUBAEBCgA+FiEE/zP342UuWusxJxz30/Fzshpl77QFAmQK3QYgGmh0dHA6Ly9h amRpYXoubWUvZ3BnL3BvbGljeS50eHQACgkQ0/Fzshpl77TdLA/+PWpOH8SFdlHS XsCRTWEjH+/vnTZbyAcESkjuiS3+XO3ms0LxlrSiwpDVxs5kc+jHuc/kqTAZX/pP O9lCT3t3snaYTwU8pPm+9qzsVXegDe7hUFzOkOjoZWN5LjtGTErLGohzAW3A5LNW JM5ZqgOEEt8U1Za3NPE/Yk5AudO3SqBN5RCZFdQejwXAubtF/butTpmw7JAU3QMk l0hxA86OVZLF0rkUzbnRtwxgHzWULdaBCvrQs9cMidZfbxQiXTGtivFNSyWgqweM CbORiDBvkm+wEY2X3TxfHR68OJYlTMbBHCf8fKubGnFyQaMOwxNcqmn38zIDlm1X ewupQtASQo8WsvzwqTaNOX7iE4J6/tChhjfNIxkv2jnix7SV8xj96fYvE9cCnJgx 175G96qAbj0C549IZp1IbreNaLKYQtFygV3jP2J4pntdcVa0H+ZiuNgsN7PgJiSq dBU8SMBT6DPqBgsnRzDrFatwmzDKVfs79yb7Kkat/X7ThpQT69jQAgiOZXP+kz0G L13YmjL1KO1IGDipZw1UjMJqQJjWxJM/zzRd4M9OtckoEqQqsaHZsRJJMdPb//zS c/4fF7Or6EyIxQ+K/53k/pV/rFJUV4Wi85yjJYclk4YRCHYWoG92zyKJNRGvb7kL bHC+9BLxtlEOK9SpPqe+yl2mIMGJ/Mc= =fA1N -----END PGP SIGNATURE-----