My e-mail address is


If you want to use encryption when sending me mail, use a format compatible with GnuPG 1.0.6. I installed the IDEA module, so PGP 2.6.x encryption should work too. You can also use recent versions of PGP.

Read the non-technical PGP FAQ in english or german.

There is also a more technical PGP FAQ in english or german.

If you want to use PGP encryption, you'll need my PGP public key. Due to all that confusion about different versions and algorithms I created two keys, one for RSA and one for DSA/DSS/DH. The RSA key has since been signed with some DSS/DH keys. If you need a RSA only key, it's here.
Use whichever key works best for you.

NOTE: There is a major bug in PGP versions 5.0 to 6.5.7 which causes them to accept unauthorized ADKs (Additional Decryption Keys) that have been added to unsigned blocks in keys of a certain format. The description of that bug is here. If you run one of these PGP versions, you should consider upgrading to version 6.5.8 or later or, better yet, GnuPG. None of my keys should contain any sort of ADK. If you have a version of one of my public keys that contains ADKs, it has been tampered with.

To allow you to get a current version of my keys, I set up an auto-responder at

Exploring the Web of Trust

To find out about the Web of Trust, I wrote a Perl program that recursively searches the web of signators for a given key in a GnuPG keyring. It produces a list of signators and signators' signators by levels of remoteness. It creates Unix style shell scripts that retrieve missing keys from keyservers (I don't use automatic key retrieval). It also produces graph data output that can be used with Graphviz from AT&T and Lucent Bell Labs.

The key ring analysis at DTYPE

M. Drew Streib analyzes the key ring of the keyserver on a monthly basis. He uses the "mean shortest distance" (MSD) from all keys in the largest strongly connected set of public keys as a relative measure of trust.
Read more about these analyses.

I wrote two Perl programs that display some results based on these analyses.

Building the Web of Trust

After receiving a key fingerprint for certification, you'll want to ascertain that the key owner has control over all e-mail addresses listed with the UIDs on the public key.

Using GnuPG with slrn

I modified some scripts by Jason Steiner and René Scholz to use GnuPG with the slrn newsreader. They are for verification of clearsigned articles and to sign articles. You'll need Perl for the second one.

Back to Main Page