This page explains how I communicate confidential, private information with others, and how to validate my messages that they have not been tampered (i.e., signed messages).

Written by Jeriel Jan del Prado, 2020-03-23, Updated 2024-07-02

The Important Parts

I am more paranoid than the average person.
I use GNUPG for encrypting and signing important communications. It's popular, standards-based, battle-tested and highly secure.
Sometimes, I'll write messages that have weird garbled text and signs that say stuff like BEGIN PGP MESSAGE or BEGIN PGP SIGNED MESSAGE. These messages come from me, and can be validated or read with the instructions in this page.
My keys are listed in the My GPG Key section.
To send me a private message, use my public key to encrypt it, then send it to my email. See the Usage section and Contact Points sections.
If you expect a response, provide your public key with the message. For succeeding messages, opt to sign them as well.
If I have to do important public announcements, they'll come with a PGP Signed Message and PGP Signature sections.

Why This Page Exists

In this day and age, everything in computers and print can be manipulated. Software exists that can alter static images (Photoshop), video (After Effects) and even live streams and with sophisticated measures that are difficult to spot to the untrained eye (e.g., neural networks, AI, etc).

Trust is also difficult to establish, because everything in between can be altered, whether through technological, legal or political means. Who knows if Facebook or Twitter gets owned by a malicious corporate entity, or perhaps their servers are hijacked by a malicious third-party or government? What if your ISP starts falsifying HTTPS certificates and alters my messages mid-flight before it reaches your computer?

Finally, this is also about privacy. Sometimes, communications require the highest level of privacy, and this is difficult to do on oral communication alone.

Thankfully electronic communication can be encrypted and signed.

It solves all three points above because nothing beats the mathematics behind the cryptography that enables this all.

**Encryption** ensures that only I can read the message, even if it was posted in public.
Digital signatures ensures that I can write a message that can be validated that was written by me and that it wasn't tampered by anyone in between. This includes infected computers, online services that have been controlled by a malicious actor/s, and even the service (Notion) that's hosting this page right now.

To read more on how this all works, read up on the following links.

GnuPG - the complete and free implementation of the OpenPGP standard. This is the software that I use to handle all cryptography described in this page.
IETF RFC 4880 - the RFC that describes how OpenPGP operates in complete technical detail.

Arguing that you don't care about the right to privacy because you have nothing to hide is no different from saying you don't care about free speech because you have nothing to say. – Edward Snowden

My PGP Key

I've included below my public key. Click the triangle to expand.

🔐Jeriel Jan del Prado's GPG Public Key

If you cannot trust this page itself, I've also posted the same public key in multiple sites that you can trust, and as a last resort, I've also clearsigned this page with the private key.

You can also view the same key at Keybase, a popular key directory and encryption service.

Key servers also have my public key.

jerieljan (Jeriel Jan del Prado) on Keybase

keys.openpgp.org

MIT PGP Key Server