View Christopher Geraghty's profile on LinkedIn


My PGP Key - ID 0xF84FDEC04669EE18

Also available from on

Certificate policy statement

The effective CPS for a particular certification will be linked within that signature
The latest policy statement which will apply to new certifcations is available HERE

Key management & General guidelines

My primary (certifying) key is kept offline in a master keyring (on encrypted removable media) except during certifications
Instructions for generating a new keypair and splitting certifying key from subkeys at
Best practice options for your gpg.conf file are discussed here with example gpg.conf

I run gpg under windows and use the following script to open a command prompt using my keysigning GNUPGHOME (so that gpg commands will automatically use master keyring)
when exiting command prompt GNUPGHOME is reset to my normal working keyring and signatures/trust are imported from master keyring

@echo off
cmd /k "cd /D z:\pgp"
gpg -a --export-secret-subkeys > z:\secretsubs
gpg -a --export-options export-local-sigs,export-clean --export > z:\public
gpg --export-ownertrust > z:\trust.txt
gpg --import z:\secretsubs
gpg --import-ownertrust z:\trust.txt
gpg --import-options import-local-sigs --import z:\public

where z:\pgp contains master keyring, trustdb and a version of gpg.conf that references those keys
n.b. Your minimum certification level must be set to 1 ("min-cert-level 1" in gpg.conf) to issue persona signatures
otherwise the export-clean in the script will strip the useless signature during the export/import phase